[Swan] Aggressive mode not possible with Juniper Netscreen

Paul Wouters paul at nohats.ca
Sun Jan 20 01:24:43 EET 2013


On Fri, 18 Jan 2013, Philippe Vouters wrote:

> In summary, it looks to me there are two issues here :
>
> 1/ Libreswan could be wrongly issuing the packet rejected message meanwhile 
> taking the corresponding action.
> 2/ Another problem you seem to face is on your Netscreen side (your traces). 
> At the time of the Libreswan packet rejected message, Netscreen would wrongly 
> assume it is already phase 2 while Libreswan is still keeping in phase 1.

I'm pretty sure this is 2)

There is a mismatch in configuration.

Paul


More information about the Swan mailing list