[Swan] meaning of error code -> ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS

Amir Naftali Tue, 09 Jan 2018 04:54:07 -0800

Hello All,

I have the following issue when connecting a libreswan server and a remote
IPSec peer (non libreswan)


my libreswan is running on ubuntu 14.04 LTS


During key renegotiation I see the following messages in the logs

Jan  9 09:10:20 hostname pluto[7888]: "connection/6x6" #35475: the peer
proposed: 192.168.48.0/20:0/0 -> 100.16.2.200/32:0/0

Jan  9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476:
*ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS* must only be used with old IETF
drafts

Jan 9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476: sending
encrypted notification *BAD_PROPOSAL_SYNTAX* to X.X.X.X:4500


The connection configuration (removed some left/right subnets to simplify)


conn connection
    authby=secret
    auto=start
    dpdaction=restart_by_peer
    dpddelay=30
    dpdtimeout=120
    forceencaps=no
    ike=aes256-sha1;modp1024
    ikelifetime=28800s
    keyingtries=3
    left=local IP
    leftid=my id
    leftsubnets=192.168.48.0/20...
    pfs=no
    phase2alg=aes256-sha1
    right=remote ip
    rightid=remote id
    rightsubnets=100.16.2.200/32...
    salifetime=3600s
    type=tunnel


What does the ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS  message mean?
what should I do to fix this (do I need to fix it)?

Appriciate your insight

Amir


*Amir Naftali*| *CTO 40Cloud*| *FireMon*

D: +972.73.3905722| C: +972.54.4972622

amir@ <amir.naft...@firemon.com>fortycloud.com | *www.40cloud.com
<http://www.40cloud.com/>*


*40Cloud - Making Your Public Cloud Private*

_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

[Swan] meaning of error code -> ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS

Reply via email to