I ran this against a cisco device. I looked at the packet capture and it shows that the key exchange DH group is undefined. Has anyone tried with load-tester on 5.3.5?
On Sat, Jan 30, 2016 at 2:22 AM, Thomas Egerer <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Michael, > > while unloading the dishwasher I gave your issue another thought ;) > It seems I have somehow misread your problem. The peer you are trying > to connect the load tester to, runs which VPN-service? If it is a > strongwan instance, you should provide the version, log information > of the IKE negotiation and an output of your config (stroke statusall). > It seems odd, that the peer does not accept modp 1024 while it request > this same modp group in the response. > Does the peer a plugin loaded that provides modp 1024 (gcrypt, gmp, > openssl)? You should see this in 'stroke listall'. > > Cheers, > Thomas > > On 01/30/2016 12:20 AM, Michael Chan wrote: > > I looked at the ike logs and I see the following message > > > > [ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] > > [IKE] peer didn't accept DH group MODP_1024, it requested MODP_1024 > > > > The packet capture shows the DH group is undefined. Is there a parameter > to > > set the DH group for the ike key exchange? I have the following parameter > > in my load-tester.conf file. > > proposal = aes-sha1-modp1024 > > > > > > > > > > On Fri, Jan 29, 2016 at 12:40 PM, Michael Chan <[email protected]> > wrote: > > > >> Hi, > >> I'm wanting to use the load-tester plugin to perform load testing > on > >> remote host, but the remote host keeps sending back INVALID_KE_PAYLOAD > >> message back. When I do a packet capture I see that the DH group for key > >> exchange payload is undefined. I tried setting in the load-tester.conf > file > >> esp and proposal to use modp1024, but it doesn't change the key exchange > >> payload DH group at all. Is there a way to set the group in load-tester? > >> > >> Thanks, > >> Michael > >> > > > > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > https://lists.strongswan.org/mailman/listinfo/users > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJWrI7BAAoJEGK31ONirBTGozAP/2VUe4t/ZoCnSrxfMRzHat6X > IDmLzonBQVasovtUMVZn6grRy3IxhEQi6B7cnFwxeIkRG2Jh6gTSKGGwwho84mLP > MsnG3SrIuLwTCd/7unVxR6OFNsbKo07MhJFo/hVO4WlOKp0yKay+DuV8TBUVAAiq > FuZVTEgwJGTM83uOzOPC1b0Mfgr1T5prSFxSddq9GT3aEA5UR5pKK7655dRygrZQ > ppTQfBAWarFvj312PRUhgV6XnH/UFh+YBvXFWg5o0yGTX9kDWTy0vkX+rBPXA47h > GUI7xkG/Q98fKwWqPy//HdPjHFa7XSkbkOu9lkIfj7U6JzGKO7shwn6vvx/v5xFM > yhskEpValk+bLMbJOJxAi8v1qXooojnP3FdRKKXjc/8wLiDinrfBR56oukKC7sRX > Dk+L+nhUMmN644ymXRnFsQ5Jo9bjLK+CCGIQ3J1eDHmsyVOkvm7jG4uWbsx28LQz > V6/oPzXrY6XdcjLupkjwgkqJ4CpIERpzOlcU/G2+sAsbf0zJeIQ03ZKN0lzSuogF > 7ppHM4wiwPAQu70M1xsbwOsu9r+N2NLf0atpleeKtVXCu6Mh8a9LC/Et1m4TF7Kq > 6YkP2k5Soc9A0WnuFL72nbt616SorTUtm8mbVEQ1ocfToT/R9AHZZkvDYcmMezM3 > 2YZIxXVp0KRZGazBgqcS > =+tYA > -----END PGP SIGNATURE----- > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
