[Swan] INVALID_KEY_INFORMATION

Nick Howitt nick at howitts.co.uk
Fri Aug 5 16:20:03 UTC 2016


Hi,

With my Draytek I use auto=add, ike=aes256-sha1;modp2048 and 
phase2alg=aes256-sha1. I think if you do auto=start the Draytek tries to 
make 2 connections, one as initiator and one as responder and gets 
confused, but I have not looked at it in ages.

If your system uses rsyslogd you can easily set up a filter to just drop 
the messages you don't want.

Regards,

Nick

On 05/08/2016 15:41, John Crisp wrote:
> On 05/08/16 16:26, Paul Wouters wrote:
>> On Fri, 5 Aug 2016, John Crisp wrote:
>>
>>> I am using Libre 3.18 but have seen the same issue on previous versions.
>>> Libre connects with a Draytek router.
>>>
>>> I seem to get a lot of this in my logs:
>>>
>>> "ignoring informational payload INVALID_KEY_INFORMATION"
>>>
>>> I can see that this is informational, and can be ignored, but wanted to
>>> know what the cause was and if I can get around it as it fills my logs
>>> at a fairly high rate!
>> From my dealings with Draytek 10 years ago, there were various big
>> issues with their IKE software. One of the things is that "always on"
>> did hugely different things and required different settings, something
>> you would not expect where the only difference should be "load" or
>> "load and initiate".
>>
> Yes I am used to some of their peculiarities ;-)
>
>> I can't really help you. If it works in the non-alwayson mode, and
>> does not in the alwayson mode, it is most likely a configuration
>> oddity they need or just a bug in their software. You'll have to
>> try and talk to the vendor.
>
> OK but just to note that it's the other way round as per my comment:
>
>>> I note that if I set the router to be always on, and set Libre to
>>> auto=add I no longer get the messages.
> So if the router is AlwaysOn and Libre is auto=add then no messages and
> all is quiet on the Western Front.
>
> If I put Libre into auto=start we have a scene resembling something from
> the Somme in the logs with it continuously reconnecting :-)
>
> I can live with it with auto=add, and will be ousting said routers as
> soon as I can (because talking to their tech support is
> errrrr........!), but I was just curious as to what was going on and why.
>
> B. Rgds
> John


