[Swan] AWS: INVALID_HASH_INFORMATION

Ryszard Styczynski rstyczynski at gmail.com
Mon Oct 12 12:28:15 UTC 2020


Hello,

I'm trying to connect Linux to an AWS VPN Connection using Libreswan 3.25. On the same host an IPsec connection has already been working for a long time. Now I'm adding another one, and I'm stopped on the problem below:

Oct 12 11:54:08.149392: "XXX_tunnel2" #41: initiating Main Mode
Oct 12 11:54:08.161867: "XXX_tunnel2" #41: STATE_MAIN_I2: sent MI2, expecting MR2
Oct 12 11:54:08.174565: "XXX_tunnel2" #41: STATE_MAIN_I3: sent MI3, expecting MR3
Oct 12 11:54:08.185652: "XXX_tunnel2" #41: Peer ID is ID_IPV4_ADDR: '52.214.70.211'
Oct 12 11:54:08.186215: "XXX_tunnel2" #41: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP1024}
Oct 12 11:54:08.186295: "XXX_tunnel2" #42: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#41 msgid:f741420f proposal=AES_CBC_128-HMAC_SHA1_96-MODP1024 pfsgroup=MODP1024}
Oct 12 11:54:08.198059: "XXX_tunnel2" #41: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=16
Oct 12 11:54:08.198091: | ISAKMP Notification Payload
Oct 12 11:54:08.198103: |   00 00 00 10  00 00 00 01  03 04 00 12
Oct 12 11:54:08.198112: "XXX_tunnel2" #41: received and ignored informational message
Oct 12 11:54:08.687396: "XXX_tunnel2" #42: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Oct 12 11:54:09.188146: "XXX_tunnel2" #42: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Oct 12 11:54:10.189374: "XXX_tunnel2" #42: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Oct 12 11:54:12.190339: "XXX_tunnel2" #42: STATE_QUICK_I1: retransmission; will wait 4 seconds for response
Oct 12 11:54:16.194522: "XXX_tunnel2" #42: STATE_QUICK_I1: retransmission; will wait 8 seconds for response
Oct 12 11:54:24.197845: "XXX_tunnel2" #42: STATE_QUICK_I1: retransmission; will wait 16 seconds for response
Oct 12 11:54:24.209230: "XXX_tunnel2" #41: ignoring informational payload INVALID_HASH_INFORMATION, msgid=00000000, length=12
Oct 12 11:54:24.209266: | ISAKMP Notification Payload
Oct 12 11:54:24.209272: |   00 00 00 0c  00 00 00 01  01 00 00 17
Oct 12 11:54:24.209276: "XXX_tunnel2" #41: received and ignored informational message

The configuration is quite fundamental, as proposed by the regular AWS setup. I'm using exactly the same for the other, working VPN Connection.

conn XXX_tunnel2
     mark=202/0xffffffff
     vti-interface=vti202
     vti-routing=no

     left=10.196.3.53
     leftid=140.238.80.46
     leftsubnet=10.106.0.0/16

     rightsubnet=0.0.0.0/0
     right=52.214.70.211

     type=tunnel

     authby=secret
     auto=start

     dpddelay=10
     dpdtimeout=30
     dpdaction=restart_by_peer

     ikelifetime=8h
     keylife=1h
     phase2alg=aes128-sha1;modp1024
     ike=aes128-sha1;modp1024
     keyingtries=%forever
     keyexchange=ike

I'd appreciate any advice on where the trick is. What is wrong? How can I debug this further?

Regards,
Ryszard
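
The two `ISAKMP Notification Payload` hex dumps in the log above carry more information than the one-line summary Libreswan prints next to them. The following decoder is an added example, not part of the original post and not Libreswan code; it walks the generic payload header and the notification body as laid out in RFC 2408 (section 3.2 and 3.14), with the protocol identifiers from the IPsec DOI (RFC 2407). The two dump strings are copied from the post; the dictionaries of names are a subset of the RFC tables, which is an assumption made here for brevity.

```python
import struct

# Notify message types, RFC 2408 section 3.14.1 (subset; assumption: only the
# entries needed for typical IKEv1 troubleshooting are listed).
NOTIFY_TYPES = {
    1: "INVALID_PAYLOAD_TYPE",
    7: "INVALID_EXCHANGE_TYPE",
    9: "INVALID_MESSAGE_ID",
    11: "INVALID_SPI",
    14: "NO_PROPOSAL_CHOSEN",
    16: "PAYLOAD_MALFORMED",
    17: "INVALID_KEY_INFORMATION",
    18: "INVALID_ID_INFORMATION",
    23: "INVALID_HASH_INFORMATION",
    24: "AUTHENTICATION_FAILED",
}

# Protocol identifiers, IPsec DOI (RFC 2407 section 4.4.1).
PROTOCOL_IDS = {1: "PROTO_ISAKMP", 2: "PROTO_IPSEC_AH", 3: "PROTO_IPSEC_ESP", 4: "PROTO_IPCOMP"}


def parse_notification_payload(raw: bytes) -> dict:
    """Decode one ISAKMP Notification payload, generic header included.

    Wire layout (RFC 2408 sections 3.2 and 3.14):
      next payload (1) | reserved (1) | payload length (2) |
      DOI (4) | protocol ID (1) | SPI size (1) | notify message type (2) |
      SPI (SPI-size bytes) | notification data
    Libreswan's dump may stop before the SPI (the first dump in the post
    claims 16 bytes but shows 12), so a short dump is reported as truncated
    instead of raising.
    """
    if len(raw) < 12:
        raise ValueError("notification payload needs at least 12 bytes")
    _next, _reserved, length, doi, proto, spi_size, ntype = struct.unpack("!BBHIBBH", raw[:12])
    spi = raw[12:12 + spi_size]
    return {
        "length": length,
        "doi": doi,
        "protocol": PROTOCOL_IDS.get(proto, f"unknown({proto})"),
        "spi_size": spi_size,
        "spi": spi.hex() if len(spi) == spi_size else None,  # None: SPI not in the dump
        "notify_type": ntype,
        "notify_name": NOTIFY_TYPES.get(ntype, f"unknown({ntype})"),
        "truncated": len(raw) < length,
    }


def decode_libreswan_dump(line: str) -> dict:
    """Take a Libreswan '|   00 00 ...' hex dump line and decode it."""
    hexpart = line.split("|", 1)[1] if "|" in line else line
    return parse_notification_payload(bytes.fromhex(hexpart.replace(" ", "")))


# The two dumps from the log in the post, copied verbatim.
INVALID_ID_DUMP = "|   00 00 00 10  00 00 00 01  03 04 00 12"
INVALID_HASH_DUMP = "|   00 00 00 0c  00 00 00 01  01 00 00 17"

if __name__ == "__main__":
    for dump in (INVALID_ID_DUMP, INVALID_HASH_DUMP):
        print(decode_libreswan_dump(dump))
```

Decoding shows that the first notification (type 18, INVALID_ID_INFORMATION) is raised against protocol 3, PROTO_IPSEC_ESP, with a 4-byte SPI: the peer is objecting to the identity payloads of the Quick Mode (phase 2) exchange, i.e. the traffic selectors derived from `leftsubnet`/`rightsubnet`, not to the Main Mode identity that was already accepted when the ISAKMP SA was established. The second (type 23, INVALID_HASH_INFORMATION) is raised against PROTO_ISAKMP with no SPI, which is consistent with the responder having given up on the retransmitted Quick Mode message 1. When comparing against the working tunnel, the phase 2 selectors and the `mark`/`vti-interface` pairing are therefore the first things to diff.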
