[Swan] Aggressive mode not possible with Juniper Netscreen
Elison Niven
elison.niven at cyberoam.com
Thu Jan 10 16:12:20 EET 2013
Hi,
I am facing this issue with Juniper Netscreen:
https://www.openswan.org/issues/1218
Issue occurs only when Netscreen initiates the tunnel.
Looking at the tcpdump capture, I see this:
Netscreen ---> Libreswan
Aggr Mode(unencrypted) --->
<--- Aggr Mode (unencrypted)
Aggr Mode(unencrypted) ---->
<--- Informational (Error : We expect encrypted packet)
Netscreen is behaving wrongly here.
I also tried out the same with Netscreen and a Fortinet device.
Interestingly, the same scenario works here.
Netscreen ---> Fortinet
Aggr Mode(unencrypted) --->
<--- Aggr Mode (unencrypted)
Aggr Mode(unencrypted) ---->
Quick Mode (encrypted) ---->
<---- Quick mode (encrypted)
Quick Mode (encrypted)
<---- Quick mode (encrypted)
I am wondering how it is possible to establish Phase 1 aggressive mode
when the responder has sent just one packet!
Is there any extension to aggressive mode that Libreswan needs to
incorporate?
--
Best Regards,
Elison Niven
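
To confirm from a capture which messages carry the ISAKMP encryption flag, as in the exchanges listed in the message above, the fixed 28-byte header of each UDP/500 datagram can be decoded. This is an added example, not part of the original message or of Libreswan; the sample datagrams are constructed, and `parse_isakmp_header`, `summarize` and the sender labels are names chosen here.

```python
import struct

# Exchange-type values: RFC 2408 section 3.1 and RFC 2409 appendix A.
EXCHANGE_TYPES = {2: "Main Mode", 4: "Aggr Mode", 5: "Informational", 32: "Quick Mode"}
FLAG_ENCRYPTION = 0x01  # "E" bit of the ISAKMP flags octet
HEADER = struct.Struct("!8s8sBBBBII")  # 28-byte fixed ISAKMP header


def parse_isakmp_header(udp_payload):
    """Decode the fixed ISAKMP header at the start of one UDP/500 datagram."""
    if len(udp_payload) < HEADER.size:
        raise ValueError("datagram shorter than the ISAKMP header")
    _icookie, _rcookie, _next, version, xchg, flags, msg_id, length = \
        HEADER.unpack_from(udp_payload)
    if version >> 4 != 1:
        raise ValueError("not an IKEv1 packet (major version %d)" % (version >> 4))
    return {
        "exchange": EXCHANGE_TYPES.get(xchg, "type %d" % xchg),
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "message_id": msg_id,  # 0 during Phase 1, non-zero for Quick Mode
        "length": length,
    }


def summarize(packets):
    """Render (sender, udp_payload) pairs in the notation used in the post."""
    lines = []
    for sender, payload in packets:
        h = parse_isakmp_header(payload)
        state = "encrypted" if h["encrypted"] else "unencrypted"
        lines.append("%s: %s (%s)" % (sender, h["exchange"], state))
    return lines


def _sample(xchg, flags, msg_id=0):
    """Build a constructed header-only datagram (no payloads) for the demo."""
    return HEADER.pack(b"\x11" * 8, b"\x22" * 8, 0, 0x10, xchg, flags, msg_id, HEADER.size)


# Constructed input mirroring the first four messages of the Netscreen/Fortinet flow.
SAMPLE_CAPTURE = [
    ("initiator", _sample(4, 0)),
    ("responder", _sample(4, 0)),
    ("initiator", _sample(4, 0)),
    ("initiator", _sample(32, FLAG_ENCRYPTION, msg_id=0x1234ABCD)),
]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_CAPTURE)))
```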