[Swan] IPsec encryption transform did not specify required KEY_LENGTH attribute
Wolfgang Nothdurft
wolfgang at linogate.de
Fri Sep 19 11:12:25 EEST 2014
Is the behaviour after commit 68c25611eed93edd459e38deadf01916ab983115
(https://lists.libreswan.org/pipermail/swan-commit/2014-May/001275.html)
intended?
This breaks connectivity with old implementations like openswan 2.4,
which doesn't have configured a specific phase2alg.
We also have a customer with old vigor routers that shows this problem
and it seems that you can do nothing on the vigor site to change this
behavior.
Both sends AES_000-HMAC_SHA1 and can't connect because of the required
keylength attribute
Log:
IPsec encryption transform did not specify required KEY_LENGTH attribute
sending encrypted notification BAD_PROPOSAL_SYNTAX to 10.0.12.2:500
Wolfgang
More information about the Swan
mailing list