[Swan-dev] commit 2995415b24315ad492c4 broke PSK

Antony Antony antony at phenome.org
Fri Feb 14 11:43:14 EET 2014


| encrypting 24 using OAKLEY_3DES_CBC
| NSS: do_3des init start
"road-eastnet-psk" #1: do_3des: NSS derived enc key is NULL  

is what I see in pluto debug on the initiator.

If I go back to 88bedbfc004a9cca587400165bf0c27d30e075e4 it works. The connections get established and pluto is not crashing.

-antony

On Thu, Feb 13, 2014 at 10:14:32PM -0500, Paul Wouters wrote:
> 
> 003 "redhat" #1: multiple DH groups were set in aggressive mode. Only first one used.
> 003 "redhat" #1: transform (7,2,2,0) ignored.
> 003 "redhat" #1: multiple DH groups were set in aggressive mode. Only first one used.
> 003 "redhat" #1: transform (7,2,2,0) ignored.
> 112 "redhat" #1: STATE_AGGR_I1: initiate
> 003 "redhat" #1: received Vendor ID payload [Cisco-Unity]
> 003 "redhat" #1: received Vendor ID payload [XAUTH]
> 003 "redhat" #1: received Vendor ID payload [Dead Peer Detection]
> 003 "redhat" #1: received Vendor ID payload [RFC 3947]
> 003 "redhat" #1: received Vendor ID payload [FRAGMENTATION c0000000]
> 003 "redhat" #1: ignoring unknown Vendor ID payload [54773bef601f29585494b63669b728e2]
> 003 "redhat" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
> 003 "redhat" #1: protocol/port in Phase 1 ID Payload MUST be 0/0 or 17/500 but are 17/0 (attempting to continue)
> 003 "redhat" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
> 003 "redhat" #1: received Hash Payload does not match computed value
> 223 "redhat" #1: STATE_AGGR_I1: INVALID_HASH_INFORMATION
> 
> Paul

