Hi Philip, with IKEv1 there are no hash algorithms used for the ISAKMP_SA truncated to 96 bits (only the ESP algorithms are)
In order to diagnose your problem I'd need a full log output preferably with plutodebug="all" enabled in ipsec.conf. Best regards Andreas > Hi, > > I'm trying to establish an IPSec tunnel to Amazon VPC. > > I'm getting the following problem when doing an "ipsec statusall". > > /000 "net-net": IKE algorithms wanted: 7_128-2-2, / > /000 "net-net": IKE algorithms found: 7_128-2_160-2, / > > > When doing an "ipsec listall", these are my registered IKE Hash Algorithms: > > /000 List of registered IKE Hash Algorithms:/ > /000 / > /000 #1 OAKLEY_MD5, hashsize: 128/ > /000 #2 OAKLEY_SHA, hashsize: 160/ > /000 #4 OAKLEY_SHA2_256, hashsize: 256/ > /000 #5 OAKLEY_SHA2_384, hashsize: 384/ > /000 #6 OAKLEY_SHA2_512, hashsize: 512/ > > > I suspect the problem is that there is no hash algorithm registered that > is 96bit hashsize. Can anyone suggest how to load additional hash > algorithms, or identify what else this problem might be? > > > > Thanks, > Phil > > -- > Philip Hunt > 021 424 996 -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
