I guess that wireshark is not up to date. Integrity Algorithm no 12 is defined in RFC4868 as
AUTH_HMAC_SHA2_256_128 The RFC was published in May 2007. I guess this Integrity Algorithm is unknown to wireshark. That's why it displays "UNKOWN-INTEGRITY-ALG". What kind of security gateway are you using? Do you have any log files? Jessie Liu wrote: > Hi all, > I got the problem that client sends IKE_SA_INIT message to security > gateway, but security gateway did not respond. > so i capture the message using ethereal and found that in IKE_SA_INIT > message UNKNOWN -INTEGRITY-ALG occured. even if i specify the encryption and > integirty algorithm in ipsec.conf by using ike=aes_cbc-hmac_sha1_96, > UNKNOWN -INTEGRITY-ALG still appeared in the IKE_SA_INIT message. And this > is the root cause that security gateway did not responed?? > and how to remove this? > > attached please find the ethereal file. _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
