-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Bjoern,
Try it with an exclamation mark at the end. Regards Noel Kuntze Am 11.11.2013 10:28, schrieb bjoern wahl: > Hello Noel, > > thanks for the fast response. > > I did that already: > > ====================================================================== > ike=aes128-sha1-modp1536,aes128-md5-modp1536,3des-md5-modp1024,aes128-sha1-modp1024,aes256-sha-modp1024,3des-md5-modp1024 > esp=aes128-sha1,aes128-md5,aes256-md5,aes256-sha1,3des-sha1,3des-md5 > ====================================================================== > > Did not help. > > björn > > > Mit freundlichen Grüßen > > __________________________________ > > Björn Wahl > Leiter EDV-Abteilung > Betriebswirt Fachrichtung Wirtschaftsinformatik > > > St.-Marien Hospital Borken GmbH > Am Boltenhof 7 - D-46325 Borken > Telefon: +49 (0) 2861 97 - 1125 > Telefax: +49 (0) 2861 97 - 5 1122 > [email protected] > www.hospital-borken.de > > Registergericht: Amtsgericht Coesfeld > Registernummer : HR B 4914 > Vertretungsberechtigter Geschäftsführer: Dipl.-Kfm. Christoph Bröcker > Umsatzsteuer-Identifikationsnummer gem 27 a Umsatzsteuergesetz: DE > 307/5937/0049 > _________________________________ >>>> Noel Kuntze <[email protected]> 11.11.13 10.16 Uhr >>> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello Bjoern, > > In this case, you need to set the cipher settings for IKE by hand. > You can do this using the "ike" statement (and maybe the esp" statement, > too) in ipsec.conf > See the manpage for further information. > > Regards > Noel Kuntze > > Am 11.11.2013 09:57, schrieb bjoern wahl: >> Hello! >> >> Just after solving the problem with my Certs for WIN7 ( thanks to > Martin >> for the good hint) i hit the next Problem. >> >> I would like to migrate old VPNs to my new VPN-GW. >> >> >From Linux Openswan U2.4.4/K2.6.16.60-0.83.2-smp (netkey) to Linux >> strongSwan U5.1.1/K3.0.93-0.8-default. >> >> With my first try i got a problem, the logs telling me: >> >> > ======================================================================== >> 13[IKE] IKE_SA p123[1] established between >> 11.11.11.11[11.11.11.11]...22.22.22.22[22.22.22.22] >> 13[ENC] generating QUICK_MODE request 1243619134 [ HASH SA No ID ID ] >> 13[NET] sending packet: from 11.11.11.11[500] to 22.22.22.22[500] (284 >> bytes) >> 14[NET] received packet: from 22.22.22.22[500] to 11.11.11.11[500] (92 >> bytes) >> 14[ENC] parsed INFORMATIONAL_V1 request 2876618417 [ HASH N(NO_PROP) ] >> 14[IKE] received NO_PROPOSAL_CHOSEN error notify >> > ======================================================================== >> >> On my old GW everything till working fine: >> >> > ======================================================================== >> 003 "p123" #13615: NAT-Traversal: Result using 3: no NAT detected >> 002 "p123" #13615: transition from state STATE_MAIN_I2 to state >> STATE_MAIN_I3 >> 108 "p123" #13615: STATE_MAIN_I3: sent MI3, expecting MR3 >> 002 "p123" #13615: Main mode peer ID is ID_IPV4_ADDR: '22.22.22.22' >> 002 "p123" #13615: transition from state STATE_MAIN_I3 to state >> STATE_MAIN_I4 >> 004 "p123" #13615: STATE_MAIN_I4: ISAKMP SA established >> {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha > group=modp1024} >> 002 "p123" #13616: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP >> {using isakmp#13615} >> 117 "p123" #13616: STATE_QUICK_I1: initiate >> 003 "p123" #13616: ignoring informational payload, type >> IPSEC_RESPONDER_LIFETIME >> 002 "p123" #13616: transition from state STATE_QUICK_I1 to state >> STATE_QUICK_I2 >> 004 "p123" #13616: STATE_QUICK_I2: sent QI2, IPsec SA established >> {ESP=>0xeaaec3ed <0x3f7a355f xfrm=AES_256-HMAC_SHA1 >> NATD=212.159.204.76:500 DPD=none} >> > ======================================================================== >> >> I just tought it might be because the cipher is not included in my new >> Strongswan and so did look that up i did not find aes_256 in >> my new Strongswan, is that the problem ? >> How to add that cipher ? >> >> > ======================================================================== >> List of X.509 End Entity Certificates: >> >> altNames: .... >> >> List of X.509 CA Certif > icates: >> >> s.... >> >> List of registered IKE algorithm> integrity: HMAC_MD5_96[hmac] >> HMAC_SHA1_96[hmac] AES_XCBC_96[xcbc] >> HMAC_MD5_128[hmac] HMAC_SHA1_160[hmac] >> AES_CMAC_96[cmac] HMAC_SHA2_256_128[hmac] >> HMAC_SHA2_384_192[hmac] HMAC_SHA2_512_256[hmac] >> HMAC_SHA1_128[hmac] HMAC_SHA2_256_256[hmac] >> HMAC_SHA2_384_384[hmac] HMAC_SHA2_512_512[hmac] >> aead: >> hasher: HASH_MD4[md4] HASH_MD5[md5] HASH_SHA1[sha1] >> HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] >> HASH_SHA512[sha2] >> prf: PRF_HMAC_MD5[hmac] PRF_HMAC_SHA1[hmac] >> PRF_AES128_XCBC[xcbc] PRF_HMAC_SHA2_256[hmac] >> PRF_HMAC_SHA2_384[hmac] PRF_HMAC_SHA2_512[hmac] >> PRF_AES128_CMAC[cmac] PRF_FIPS_SHA1_160[fips-prf] >> PRF_KEYED_SHA1[sha1] >> dh-group: MODP_768[gmp] MODP_1024[gmp] MODP_1536[gmp] > MODP_2048[gmp] >> MODP_3072[gmp] MODP_4096[gmp] MODP_6144[gmp] >> MODP_8192[gmp] MODP_1024_160[gmp] MODP_2048_224[gmp] >> MODP_2048_256[gmp] MODP_CUSTOM[gmp] >> random-gen: RNG_STRONG[random] RNG_TRUE[random] >> nonce-gen: [nonce] >> >> List of loaded Plugins: >> >> charon: >> CUSTOM:libcharon >> NONCE_GEN >> CUSTOM:libcharon-receiver >> CUSTOM:kernel-ipsec >> CUSTOM:kernel-net >> CUSTOM:libcharon-receiver >> HASHER:HASH_SHA1 >> RNG:RNG_STRONG >> CUSTOM:socket >> aes: >> CRYPTER:AES_CBC-16 >> CRYPTER:AES_CBC-24 >> CRYPTER:AES_CBC-32 >> des: >> CRYPTER:3DES_CBC-24 >> CRYPTER:DES_ >> CBC-8 >> CRYPTER:DES_ECB-8 >> rc2: >> CRYPTER:RC2_CBC-0 >> sha HASHER:HASH_SHA384 >> HASHER:HASH_SHA512 >> md4: >> HASHER:HASH_MD4 >> md5: >> HASHER:HASH_MD5 >> random: >> RNG:RNG_STRONG >> RNG:RNG_TRUE >> nonce: >> NONCE_GEN >> RNG:RNG_WEAK >> x509: >> CERT_ENCODE:X509 >> HASHER:HASH_SHA1 >> CERT_DECODE:X509 >> HASHER:HASH_SHA1 >> PUBKEY:RSA (soft) >> PUBKEY:ECDSA (soft) >> PUBKEY:DSA (soft) >> CERT_ENCODE:X509_AC >> CERT_DECODE:X509_AC >> CERT_ENCODE:X509_CRL >> CERT_DECODE:X509_CRL >> CERT_ENCODE:X509_OCSP_REQUEST >> HASHER:HASH_SHA1 >> RNG:RNG_WEAK >> CERT_DECODE:X509_OCSP_RESPONSE >> CERT_ENCODE:PKCS10_REQUEST >> CERT_DECODE:PKCS10_REQUEST >> revocation: >> CUSTOM:revocation >> CERT_ENCODE:X509_OCSP_REQUEST (soft) >> CERT_DECODE:X509_OCSP_RESPONSE (soft) >> CERT_DECODE:X509_CRL (soft) >> CERT_DECODE:X509 (soft) >> FETCHER:(null) (soft) >> constraints: >> CUSTOM:constraints >> CERT_DECODE:X509 (soft) >> pubkey: >> CERT_ENCODE:TRUSTED_PUBKEY >> CERT_DECODE:TRUSTED_PUBKEY >> PUBKEY:RSA (soft) >> PUBKEY:ECDSA (soft) >> PUBKEY:DSA (soft) >> pkcs1: >> PRIVKEY:RSA >> PUBKEY:ANY >> PUBKEY:RSA >> pkcs7: >> CONTAINER_DECODE:PKCS7 >> CONTAINER_ENCODE:PKCS7_DATA >> CONTAINER_ENCODE:PKCS7_SIGNED_DATA >> CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA >> pkcs8: >> PRIVKEY:ANY >> PRIVKEY:RSA >> PRIVKEY:ECDSA >> pkcs12: >> CONTAINER_DECODE:PKCS12 >> CONTAINER_DECODE:PKCS7 >> CERT_DECODE:X509 (soft) >> PRIVKEY:ANY (soft) >> HASHER:HASH_SHA1 (soft) >> CRYPTER:3DES_CBC-24 (soft) >> CRYPTER:RC2_CBC-0 (soft) >> pgp: >> PRIVKEY:ANY >> PRIVKEY:RSA >> PUBKEY:ANY >> PUBKEY:RSA >> CERT_DECODE:PGP >> dnskey: >> PUBKEY:ANY >> PUBKEY:RSA >> sshkey: >> PUBKEY:ANY >> pem: >> PRIVKEY:ANY >> PRIVKEY:ANY >> HASHER:HASH_MD5 (soft) >> PRIVKEY:RSA >> PRIVKEY:RSA >> HASHER:HASH_MD5 (soft) >> PRIVKEY:ECDSA >> PRIVKEY:ECDSA >> HASHER:HASH_MD5 (soft) >> PRIVKEY:DSA (not loaded) >> PRIVKEY:DSA >> HASHER:HASH_MD5 (soft) >> PUBKEY:ANY >> PUBKEY:ANY >> PUBKEY:RSA >> PUBKEY:RSA >> PUBKEY:ECDSA (not loaded) >> PUBKEY:ECDSA >> PUBKEY:DSA (not loaded) >> > PUBKEY:DSA >> CERT_DECODE:ANY >> CERT_DECOD> CERT_DECODE:X509_CRL >> CERT_DECODE:X509_OCSP_REQUEST (not loaded) >> CERT_DECODE:X509_OCSP_REQUEST >> CERT_DECODE:X509_OCSP_RESPONSE >> CERT_DECODE:X509_OCSP_RESPONSE >> CERT_DECODE:X509_AC >> CERT_DECODE:X509_AC >> CERT_DECODE:PKCS10_REQUEST >> CERT_DECODE:PKCS10_REQUEST >> CERT_DECODE:TRUSTED_PUBKEY >> CERT_DECODE:TRUSTED_PUBKEY >> CERT_DECODE:PGP >> CERT_DECODE:PGP >> CONTAINER_DECODE:PKCS12 >> CONTAINER_DECODE:PKCS12 >> fips-prf: >> PRF:PRF_FIPS_SHA1_160 >> PRF:PRF_KEYED_SHA1 >> gmp: >> DH:MODP_2048 >> RNG:RNG_STRONG >> DH:MODP_2048_224 >> RNG:RNG_STRONG >> DH:MODP_2048_256 >> RNG:RNG_STRONG >> DH:MODP_1536 >> RNG:RNG_STRONG >> DH:MODP_3072 >> RNG:RNG_STRONG >> DH:MODP_4096 >> RNG:RNG_STRONG >> DH:MODP_6144 >> RNG:RNG_STRONG >> DH:MODP_8192 >> RNG:RNG_STRONG >> DH:MODP_1024 >> RNG:RNG_STRONG >> DH:MODP_1024_160 >> RNG:RNG_STRONG >> DH:MODP_768 >> RNG:RNG_STRONG >> DH:MODP_CUSTOM >> RNG:RNG_STRONG >> PRIVKEY:RSA >> PRIVKEY_GEN:RSA >> RNG:RNG_TRUE >> PUBKEY:RSA >> PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL >> PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1 >> HASHER:HASH_SHA1 >> PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224 >> HASHER:HASH_SHA224 >> PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256 >> HASHER:HASH_SHA256 >> PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384 >> HASHER:HASH_SHA384 >> PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512 >> HASHER:HASH_SHA512 >> PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5 >> HASHER:HASH_MD5 >> PUBKEY_VERIFY:RS >> A_EMSA_PKCS1_NULL >> PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1 >> PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384 >> HASHER:HASH_SHA384 >> PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512 >> HASHER:HASH_SHA512 >> PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5 >> HASHER:HASH_MD5 >> PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1 >> PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1 >> RNG:RNG_WEAK >> xcbc: >> PRF:PRF_AES128_XCBC >> CRYPTER:AES_CBC-16 >> PRF:PRF_CAMELLIA128_XCBC (not loaded) >> CRYPTER:CAMELLIA_CBC-16 >> SIGNER:CAMELLIA_XCBC_96 (not loaded) >> CRYPTER:CAMELLIA_CBC-16 >> SIGNER:AES_XCBC_96 >> CRYPTER:AES_CBC-16 >> cmac: >> PRF:PRF_AES128_CMAC >> CRYPTER:AES_CBC-16 >> SIGNER:AES_CMAC_96 >> CRYPTER:AES_CBC-16 >> hmac: >> PRF:PRF_HMAC_SHA1 >> HASHER:HASH_SHA1 >> PRF:PRF_HMAC_MD5 >> HASHER:HASH_MD5 >> PRF:PRF_HMAC_SHA2_256 >> HASHER:HASH_SHA256 >> PRF:PRF_HMAC_SHA2_384 >> HASHER:HASH_SHA384 >> PRF:PRF_HMAC_SHA2_512 >> HASHER:HASH_SHA512 >> SIGNER:HMAC_SHA1_96 >> HASHER:HASH_SHA1 >> SIGNER:HMAC_SHA1_128 >> HASHER:HASH_SHA1 >> SIGNER:HMAC_SHA1_160 >> HASHER:HASH_SHA1 >> SIGNER:HMAC_MD5_96 >> HASHER:HASH_MD5 >> SIGNER:HMAC_MD5_128 >> HASHER:HASH_MD5 >> SIGNER:HMAC_SHA2_256_128 >> HASHER:HASH_SHA256 >> SIGNER:HMAC_SHA2_256_256 >> HASHER:HASH_SHA256 >> SIGNER:HMAC_SHA2_384_192 >> HASHER:HASH_SHA384 >> SIGNER:HMAC_SHA2_384_384 >> HASHER:HASH_SHA384 >> SIGNER:HMAC_SHA2_512_256 >> HASHER:HASH_SHA512 >> SIGNER:HMAC_SHA2_512_512 >> HASHER:HASH_SHA512 >> attr: >> CUSTOM:attr >> kernel-netlink: >> CUSTOM:kernel-ipsec >> CUSTOM:kernel-net >> resolve: >> CUSTOM:resolve >> socket-default: >> CUSTOM:socket >> CUSTOM:kernel-ipsec (soft) >> stroke: >> CUSTOM:stroke >> PRIVKEY:RSA (soft) >> PRIVKEY:ECDSA (soft) >> PRIVKEY:DSA (soft) >> CERT_DECODE:ANY (soft) >> CERT_DECODE:X509 (soft) >> CERT_DECODE:X509_CRL (soft) >> CERT_DECODE:X509_AC (soft) >> CERT_DECODE:TRUSTED_PUBKEY (soft) >> updown: >> CUSTOM:updown >> eap-identity: >> > EAP_SERVER:ID >> EAP_CLIENT:ID >> eap-mschapv2: >> > EAP_CLIENT:MSCHAPV2 >> CRYPTER:DES_ECB-8 >> HASHER:HASH_MD4 >> HASHER:HASH_SHA1 >> RNG:RNG_WEAK >> eap-radius: >> EAP_SERVER:RAD >> CUSTOM:eap-radius >> XAUTH_SERVER:radius >> CUSTOM:eap-radius >> CUSTOM:eap-radius >> HASHER:HASH_MD5 >> SIGNER:HMAC_MD5_128 >> RNG:RNG_WEAK >> eap-tls: >> EAP_SERVER:TLS >> HASHER:HASH_MD5 >> HASHER:HASH_SHA1 >> RNG:RNG_WEAK >> EAP_CLIENT:TLS >> HASHER:HASH_MD5 >> HASHER:HASH_SHA1 >> RNG:RNG_WEAK >> RNG:RNG_STRONG >> xauth-generic: >> XAUTH_SERVER:generic >> XAUTH_CLIENT:generic >> >> > ======================================================================== >> >> > ---------------------------------------------------------------------------------------------------- >> Klinikverbund Westmünsterland gGmbH >> Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken >> Registergericht Coesfeld, HRB Nr. 8983 >> Ust.-Id.Nr.: DE 222740345 >> Hauptgeschäftsführer: Hermann Nientiedt >> Geschäftsführer: Christoph Bröcker, Ludger Hellmann >> >> Diese E-Mail enthält vertrauliche oder rechtlich geschützte >> Informationen. Wenn Sie nicht der beabsichtige Empfänger sind, >> informieren Sie bitte sofort den Absender und löschen Sie diese > E-Mail. >> >> Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe > der >> enthaltenen Informationen ist nicht gestattet. >> >> Dem Klinikverbund Westmünsterland sind fünf Krankenhäuser mit 1.332 >> Planbetten und mehrere Einrichtungen der Altenhilfe angeschlossen. > Mehr >> als 50 Fachbereiche orientieren sich an neusten medizinischen > Standards >> und erfüllen die hohen Anforderungen einer qualifizierten und >> zertifizierten Versorgung. Rund 50.000 Patienten werden jährlich in > den >> Krankenhäusern station� >> �r behandelt. Mit über 3.800 Mitarbeitern gehört >> der Verbund zu den größten Arbeitgebern der Region. >> >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJSgKC0AAoJEDg5KY9j7GZY1z8P/jbOCJLXjA1R6dR/VrUCF1nc > KLHwtG9zEJYAnCtPIUfaGtiaRACE5Vunte1OIEAvs5NZQvl9sfRASvpwpmpZAAp9 > FReP0oxq026ofGUMleqaB5Ug2YhgWYJmwzhZWRK/cveUYNn5xUjg5dzdsWU6JZsL > oX6rK0xgsolnaI61OSGq3X3boIitTE4fQgrQkGz4RDzYWtMkloRMN1MSjCG5iryT > KBil3bC/vAiZjfJ6Ebb2R/Ib/FNFVw9cVFInrbud6s/2Dy9YSJw6B/J1psTm0aDQ > Fzftrkvoj8g3BLxmrdVmNNQE1yon044OtMnv8mk9FOykXfIqpNQEVV8HRatQfBZD > 6iptFA2up7BR0J0F6BZzoW0Pq0JochHlDiycQtzsfEBgMInQ1uKR95wdHn5Lce+4 > onOj8f4U7jDRApyELrTp8n5ZTx2g+G7OTMBtY6Sl6lu6o+RYmwUqnfKHpb/hd/i5 > 0wx0RDBMagRu9Vj0nii67lV76JBXREf7E2egHuGJPG3hecGkbejbu0wDkcQdWwCZ > AlhBJYD22D5sTPTWpOYMyuiz7BkqPWXzCRBq44JR1t7k+vSy9tpjzceLe87NVJyL > n8UO8TZ+GMCGEg3h1PqsxkMpxKKxPMybRen0t4FxebqDJP3Rleb8c295l/PLmH+F > mqRPWEuUbEOyzf9HTpxv > =D3Fk > -----END PGP SIGNATURE----- > > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSgKVFAAoJEDg5KY9j7GZYLtIP/0DHe7i/H0+QP/8JfjiGKwLE jQU8ZgqpWIvIvIj/cOhC5fFco3eUOaYdRP+4Tx8q+2M1P4Lef9zYVDUBk6b2R5nF LJhoJr7z2ImL3ZtbI8HKCUsHSYhFHBY3YNqrAyUx8ixrG336Aywc5OkSluDfCWic nyY9pW1zAhlsL/sgCFVTmtC/QFjyFbtTRGGeR6Ou5WDIIH3qUPCTbwbdDu2l2Ud2 KS8ehpxTrDMSGH06t/gXVRCU2IB6e1R411h2CdgKyKeCQSIWDDgrlX5+mI7h30kG pMS/KL83Uhm/M3u2hukxNeAyz7ZQ10wlrhPCHhTweY0CRKVPVzotrsanvzoTIWSD OJic5vUMl5B8tNqOHsl39lpZbFo4KUG5tnN2OlqMfCU27gAG6mPC6rALowmlprxM nfcUM5EP8R90QCLJtKJDuvXy5F5aREDEHuDddyR+qILFUzYC2/0+Kc2SxcOu5mYO 7ANyHI+ci/VT1itucTltRkF15IiriThvNYOpkyCOn8oWwPPrE8IUiEba0JafYr+S Ca71QEuqxQFGARsyiFjiJ0ZQImRi2Wrpt3in/qfwoLTEccssN6V8SbvfB79a1lKB 89rOSvM2qvXOe7ZTsGoghxhGxjxdMVMAEbt0In/bGYJ5xhaWdOSv7sVcr9JKl+mp yjPAod0DUNCtJusk4uUv =tINk -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
