[Swan] meaning of error code -> ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS
Amir Naftali
amir at fortycloud.com
Tue Jan 9 12:52:33 UTC 2018
Hello All,
I have the following issue when connecting a libreswan server and a remote
IPSec peer (non libreswan)
my libreswan is running on ubuntu 14.04 LTS
During key renegotiation I see the following messages in the logs
Jan 9 09:10:20 hostname pluto[7888]: "connection/6x6" #35475: the peer
proposed: 192.168.48.0/20:0/0 -> 100.16.2.200/32:0/0
Jan 9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476:
*ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS* must only be used with old IETF
drafts
Jan 9 09:10:20 hostname pluto[7888]: "connection/4x5" #35476: sending
encrypted notification *BAD_PROPOSAL_SYNTAX* to X.X.X.X:4500
The connection configuration (removed some left/right subnets to simplify)
conn connection
authby=secret
auto=start
dpdaction=restart_by_peer
dpddelay=30
dpdtimeout=120
forceencaps=no
ike=aes256-sha1;modp1024
ikelifetime=28800s
keyingtries=3
left=local IP
leftid=my id
leftsubnets=192.168.48.0/20...
pfs=no
phase2alg=aes256-sha1
right=remote ip
rightid=remote id
rightsubnets=100.16.2.200/32...
salifetime=3600s
type=tunnel
What does the ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS message mean?
what should I do to fix this (do I need to fix it)?
Appriciate your insight
Amir
*Amir Naftali*| *CTO 40Cloud*| *FireMon*
D: +972.73.3905722| C: +972.54.4972622
amir@ <amir.naftali at firemon.com>fortycloud.com | *www.40cloud.com
<http://www.40cloud.com/>*
*40Cloud - Making Your Public Cloud Private*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180109/74e8e136/attachment.html>
More information about the Swan
mailing list