On 03/14/2012 04:34 PM, Bill Wallick wrote:
I am getting an "invalid hash size". can anyone shed some light on this ???
here is the log.
12/03/14 12:14:45<< : security association payload
12/03/14 12:14:45<< : - propsal #1 payload
12/03/14 12:14:45<< : -- transform #1 payload
12/03/14 12:14:45 ii : matched isakmp proposal #1 transform #1
12/03/14 12:14:45 ii : - transform = ike
12/03/14 12:14:45 ii : - cipher type = 3des
12/03/14 12:14:45 ii : - key length = default
12/03/14 12:14:45 ii : - hash type = md5
12/03/14 12:14:45 ii : - dh group = modp-1024
12/03/14 12:14:45 ii : - auth type = psk
12/03/14 12:14:45 ii : - life seconds = 3600
12/03/14 12:14:45 ii : - life kbytes = 0
12/03/14 12:14:45<< : key exchange payload
12/03/14 12:14:45<< : nonce payload
12/03/14 12:14:45<< : identification payload
12/03/14 12:14:45 ii : phase1 id target is any
12/03/14 12:14:45 ii : phase1 id match
12/03/14 12:14:45 ii : received = ipv4-host 192.168.0.10
12/03/14 12:14:45<< : hash payload
12/03/14 12:14:45 !! : invalid hash size ( 0 != 16 )
Hi Bill,
I'm not sure what is causing this message. My guess would be that there
is still something mismatched in the settings. Perhaps the BEFSX41 uses
SHA1 Hash Algorithm instead of MD5.
Another possibility is that Shrew is expecting one kind of message from
the Linksys (identification payload) but the VPN gateway is sending
something different.
For example, maybe it does not recognize the Shrew client because the
Authentication->Local Identity in Shrew do not match what is configured
in the BEFSX41 for the remote site/client.
So while Shrew is waiting for the next packet in the connect sequence,
the BEFSX41 is sending back an "unrecognized peer" message.
Can you look on the Cisco/Linksys box to see what its logs say?
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
