[Swan] R: BAD_PROPOSAL_SYNTAX, PAYLOAD_MALFORMED, KEY_LENGTH attribute

Paul Wouters paul at nohats.ca
Thu Apr 9 18:38:12 EEST 2015


On Thu, 9 Apr 2015, Antonio Scattolini wrote:

> 
> But phase2alg is supported in openswan 2.4.6? I know it is in libreswan
> 3.12.
> I added it at both ends, still no connection...

>> #21339: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
>> #21339: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG
>> cipher=oakley_3des_cbc_192 integ=5 group=MODP1536}
>> #20842: the peer proposed: 192.168.5.0/24:0/0 -> 192.168.3.0/24:0/0
>> #21340: IPsec encryption transform did not specify required KEY_LENGTH
>> attribute

>> conn end1-end2
>>          auto=start
>>          compress=yes
>>          authby=rsasig
>>          left=a.b.c.d
>>          leftsubnet=192.168.5.0/24
>>          leftid=@fw.end2.intranet
>>          right=%defaultroute
>>          rightsubnet=192.168.3.0/24
>>          rightid=@fw.end1.intranet
>>          leftrsasigkey=0sAQPmt...
>>          rightrsasigkey=0sAQN0...

Add: phase2alg=aes128-sha1;modp1536

The issue is "aes" vs "aes128" that will send the KEY_LENGTH attribute.

Paul
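
An added example, not part of the original message and not Openswan or Libreswan code: a small Python check that parses ipsec.conf-style conn sections and flags phase 2 proposals that are absent or that name "aes" without a key size, the condition the reply above points to. The sample config is constructed, the function names are hypothetical, and treating esp= as equivalent to phase2alg= is an assumption.

```python
# Constructed sample modelled on the conn in the thread (no real keys or addresses).
SAMPLE_CONF = """\
conn end1-end2
    auto=start
    leftsubnet=192.168.5.0/24
    rightsubnet=192.168.3.0/24

conn fixed
    phase2alg=aes128-sha1;modp1536

conn ambiguous
    phase2alg=aes-sha1;modp1536,3des-sha1
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header, e.g. "conn name"
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented option line
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def aes_without_size(proposal):
    """True for 'aes-sha1', False for 'aes128-sha1' or 'aes-128-sha1'."""
    fields = proposal.split(";")[0].lower().split("-")
    return fields[0] == "aes" and not (len(fields) > 1 and fields[1].isdigit())

def check_phase2(conns):
    """Return {conn_name: [findings]} for conns whose phase 2 proposal needs review."""
    findings = {}
    for name, opts in conns.items():
        value = opts.get("phase2alg", opts.get("esp"))  # assumption: esp= is an alias
        if value is None:
            findings[name] = ["no phase2alg/esp set; proposal left to daemon defaults"]
            continue
        bad = [p.strip() for p in value.split(",") if aes_without_size(p.strip())]
        if bad:
            findings[name] = [f"AES without key size: {p}" for p in bad]
    return findings

if __name__ == "__main__":
    for conn, msgs in check_phase2(parse_conns(SAMPLE_CONF)).items():
        print(conn, msgs)
```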


