[Swan] R: R: R: R: BAD_PROPOSAL_SYNTAX, PAYLOAD_MALFORMED, KEY_LENGTH attribute

Paul Wouters paul at nohats.ca
Fri Apr 10 18:00:31 EEST 2015


That's good! Probably now look into NAT and firewall and forwarding rules. 

Sent from my iPhone

> On Apr 10, 2015, at 05:52, Antonio Scattolini <antonio.scattolini at atpesercizio.it> wrote:
> 
> Now I have on end 1:
> #30: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> #30: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=aes_256 prf=oakley_sha group=modp2048}
> On end 2:
> #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
> {ESP=>0x50d40191 <0x8f441b9e xfrm=AES_128-HMAC_SHA1 IPCOMP=>0x00005999
> <0x00008760 NATOA=none NATD=none DPD=passive}
> 
> But still no luck...
> Antonio
> 
> -----Original Message-----
> From: Paul Wouters [mailto:paul at nohats.ca]
> Sent: Thursday, 9 April 2015 22:13
> To: Antonio Scattolini
> Cc: 'Wolfgang Nothdurft'; swan at lists.libreswan.org
> Subject: Re: R: [Swan] R: R: BAD_PROPOSAL_SYNTAX, PAYLOAD_MALFORMED,
> KEY_LENGTH attribute
> 
> 
>> On Thu, 9 Apr 2015, Antonio Scattolini wrote:
>> 
>> Instead, if I put:
>> esp=aes256-sha1;modp1024
>> both peers have ISAKMP SA established and IPSec SA established and also both
>> stuck in STATE_QUICK_I2; no ping from host in lan of end 1 to host in lan of
>> end 2 and vice versa...
> 
> you cannot be both established and in STATE_QUICK_I2?
> 
> You can try aes128 instead?
> 
> Paul

