-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Michael,
can you provide the charon load-tester log with facility enc set to log level 3, see [1], and the pcap file from your cisco device (one IKE_INIT exchange should do). Thomas [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration On 01/31/2016 09:12 AM, Michael Chan wrote: > I ran this against a cisco device. I looked at the packet capture and it > shows that the key exchange DH group is undefined. Has anyone tried with > load-tester on 5.3.5? > > On Sat, Jan 30, 2016 at 2:22 AM, Thomas Egerer <[email protected]> wrote: > > Michael, > > while unloading the dishwasher I gave your issue another thought ;) > It seems I have somehow misread your problem. The peer you are trying > to connect the load tester to, runs which VPN-service? If it is a > strongwan instance, you should provide the version, log information > of the IKE negotiation and an output of your config (stroke statusall). > It seems odd, that the peer does not accept modp 1024 while it request > this same modp group in the response. > Does the peer a plugin loaded that provides modp 1024 (gcrypt, gmp, > openssl)? You should see this in 'stroke listall'. > > Cheers, > Thomas > > On 01/30/2016 12:20 AM, Michael Chan wrote: >>>> I looked at the ike logs and I see the following message >>>> >>>> [ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] >>>> [IKE] peer didn't accept DH group MODP_1024, it requested MODP_1024 >>>> >>>> The packet capture shows the DH group is undefined. Is there a parameter > to >>>> set the DH group for the ike key exchange? I have the following parameter >>>> in my load-tester.conf file. >>>> proposal = aes-sha1-modp1024 >>>> >>>> >>>> >>>> >>>> On Fri, Jan 29, 2016 at 12:40 PM, Michael Chan <[email protected]> > wrote: >>>> >>>>> Hi, >>>>> I'm wanting to use the load-tester plugin to perform load testing > on >>>>> remote host, but the remote host keeps sending back INVALID_KE_PAYLOAD >>>>> message back. When I do a packet capture I see that the DH group for key >>>>> exchange payload is undefined. I tried setting in the load-tester.conf > file >>>>> esp and proposal to use modp1024, but it doesn't change the key exchange >>>>> payload DH group at all. Is there a way to set the group in load-tester? >>>>> >>>>> Thanks, >>>>> Michael >>>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> https://lists.strongswan.org/mailman/listinfo/users >>>> > >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWrdqZAAoJEGK31ONirBTGOhAP/0rr7ZcgG4ljSwbRJUtGSQKv BwSO069RVcxTKSdV8bwvwL5u7gA1Gkbld1TASArN9auVfMcvmjuW6zlt+QpK9FSV o9qvJoPpJTeBTgbRlZmWEXTCr/flLl1Hd5eu4IZ+rG0MxM0GCtxXOBYWPlWNw3j7 4lB6mj/hpwnvIW0iu3OvrzuRbvarFf7lKAEDBdZ0AVoiCJFPwj6C/R04K4ouRsav 3ldWxh80fGH1WQHTHytEqlBSYBnj2cAcpgKtAiGqZQ7LzMzoCk05WQmJemW5DgEu zhrsMIxXlHxf1VjLKJ9zRP6oJIk8ZvDMGg3n84OIpqhJK6gnG+7p4YJCCL4JGQF5 XyaDwy0DV6vfyiYP3rxCzqbeB7+e7kAKGeDUO+O+DyUTAK+K88SiAdTPL2cGc6sz io4JH7jqwnG0gaqkDPpRHkZRa/OJxeu6/p8u5tyMwC0PO1FHEPlkgqCBikXuvAko hA2XfvrmSnrPROViR2ujfSjlLqcJ0y0XrG4MrTFF1xFroXIhLsHsUDZ/vIM8lmT4 pA+DQmNqToQ2m7ashz3fYu6zyPS+PGT9AFiEyqUrNKZ++7lHGW/DvvMomyymHCzb x2RoVDa/TMFiTInNfAqCQd0s6DDikfu/MUqGFfDi/4/lGQ9hkABd3bmYst8Wvms8 bJFLJQSzB3Z0zP+AwUYK =48yJ -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
