Hi Jessie, the following link lists all valid IKEv2 crypto algorithms:
http://wiki.strongswan.org/wiki/strongswan/IKEv2CipherSuites Thus ike=aes_cbc-hmac_sha1_96 will not be accepted but ike=aes-sha1 or ike=aes128-sha1 will. Best regards Andreas Jessie Liu wrote: > Hi all, I got the problem that client sends IKE_SA_INIT message to > security gateway, but security gateway did not respond. so i capture > the message using ethereal and found that in IKE_SA_INIT message > UNKNOWN -INTEGRITY-ALG occured. even if i specify the encryption and > integirty algorithm in ipsec.conf by using ike=aes_cbc-hmac_sha1_96, > UNKNOWN -INTEGRITY-ALG still appeared in the IKE_SA_INIT message. > And this is the root cause that security gateway did not responed?? > and how to remove this? > > attached please find the ethereal file. > > Thanks a lot. ^_________^ ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
