[Swan] Tunnels coming establishing and dropping quickly
Paul Wouters
paul at nohats.ca
Mon May 22 16:06:13 UTC 2017
On Mon, 22 May 2017, Madden, Joe wrote:
> Just wan't to check is the following messages related to the StronSwan/LibreSwan SA diffrences?
>
>>> Likely because strongswan uses/expects CREATE_CHILD_SA and libreswan is using individual IKE SA's
>
> #781: rejecting create child SA from 54.247.187.81:4500 -- new KE in DH for PFS is not yet supported
> #781: sending unencrypted notification v2N_INVALID_KE_PAYLOAD to 54.247.187.81:4500
Yes, please remove the modpXXX from strongswan's esp= line or wait for
libreswan 3.21 ?
Paul
More information about the Swan
mailing list