LinuxQuestions.org
Old 05-09-2011, 02:53 AM   #1
AyeshaB
Question OpenSwan


Hi,
Currently I am using Openswan 2.6.32, where I am facing a problem with a mismatch of authentication and encryption algorithms. I did this:

I arranged the total VPN setup with "aes and sha1" authentication and encryption algorithms, and the tunnel is up. I am able to ping from the local end to the remote end and vice versa.
After that I changed the authentication and encryption algorithms to "3des and md5" on the local site. By doing this the tunnel should go down, but it is not happening; I can still ping from local to remote and from remote to local.
Can anybody please help me figure out what is happening?

Is there any bug raised in Openswan 2.6.32 with this issue?
Please reply.

[root@localhost ~]# ipsec whack --status
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not specified, or there is a syntax
000 error in that line. 'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
000 private address space in internal use, it should be excluded!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,324} attrs={0,2,432}
000
000 "local": 10.2.0.0/24===15.20.25.2<15.20.25.2>[+S=C]...45.46.47.2<45.46.47.2>[+S=C]===172.16.0.0/24; erouted; eroute owner: #10
000 "local": myip=unset; hisip=unset;
000 "local": ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "local": policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: eth1;
000 "local": dpd: action:hold; delay:5; timeout:10;
000 "local": newest ISAKMP SA: #9; newest IPsec SA: #10;
000 "local": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 "local": ESP algorithms wanted: 3DES(3)_000-MD5(1)_000; flags=-strict
000 "local": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128
000 "local": ESP algorithm newest: AES_256-HMAC_SHA1; pfsgroup=<N/A>
000
000 #10: "local":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2442s; newest IPSEC; eroute owner; isakmp#9; idle; import:not set
000 #10: "local" esp.ac1715cf@45.46.47.2 esp.418d748b@15.20.25.2 tun.0@45.46.47.2 tun.0@15.20.25.2 ref=0 refhim=4294901761
000 #9: "local":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2130s; newest ISAKMP; lastdpd=4s(seq in:22696 out:0); idle; import:not set
000 #8: "local":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 43s; isakmp#7; idle; import:not set
000 #8: "local" esp.a9160802@45.46.47.2 esp.918f3870@15.20.25.2 tun.0@45.46.47.2 tun.0@15.20.25.2 ref=0 refhim=4294901761
000

Thanks,
AyeshaB

Last edited by AyeshaB; 05-09-2011 at 04:51 AM.
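
Added example, not part of the original post: a small Python check for the condition visible in the status output above, where the connection's "ESP algorithms wanted" line lists 3DES/MD5 with `flags=-strict` while "ESP algorithm newest" reports AES_256-HMAC_SHA1. The parsing assumes the line layout shown in the post; the "matching" connection in the sample is constructed.

```python
import re

# "local" lines are copied from the post; "matching" is a constructed contrast
# case. The field layout is assumed from the output shown in the post only.
SAMPLE_STATUS = """\
000 "local": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 "local": ESP algorithms wanted: 3DES(3)_000-MD5(1)_000; flags=-strict
000 "local": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128
000 "local": ESP algorithm newest: AES_256-HMAC_SHA1; pfsgroup=<N/A>
000 "matching": ESP algorithms wanted: AES(12)_256-SHA1(2)_000; flags=-strict
000 "matching": ESP algorithm newest: AES_256-HMAC_SHA1; pfsgroup=<N/A>
"""

LINE = re.compile(r'^000 "(?P<conn>[^"]+)":\s+ESP algorithms? '
                  r'(?P<kind>wanted|newest): (?P<algs>[^;]+);\s*(?P<rest>.*)$')
WANTED_ITEM = re.compile(r"^(\w+)\(\d+\)_\d+-(\w+)\(\d+\)_\d+$")


def parse_wanted(algs):
    """'3DES(3)_000-MD5(1)_000, ...' -> {('3DES', 'MD5'), ...}"""
    matches = (WANTED_ITEM.match(item.strip()) for item in algs.split(","))
    return {(m.group(1), m.group(2)) for m in matches if m}


def parse_newest(algs):
    """'AES_256-HMAC_SHA1' -> ('AES', 'SHA1')"""
    enc, _, auth = algs.strip().partition("-")
    return re.sub(r"_\d+$", "", enc), re.sub(r"^HMAC_", "", auth)


def audit(status_text):
    """Return one finding per connection whose newest ESP SA uses a transform
    that is not in the connection's configured ('wanted') list."""
    conns = {}
    for line in status_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        c = conns.setdefault(m["conn"], {"wanted": set(), "newest": None, "flags": ""})
        if m["kind"] == "wanted":
            c["wanted"], c["flags"] = parse_wanted(m["algs"]), m["rest"].strip()
        else:
            c["newest"] = parse_newest(m["algs"])
    return [{"conn": name, **c} for name, c in sorted(conns.items())
            if c["wanted"] and c["newest"] and c["newest"] not in c["wanted"]]


if __name__ == "__main__":
    for f in audit(SAMPLE_STATUS):
        print(f'{f["conn"]}: configured {sorted(f["wanted"])} ({f["flags"]}), '
              f'but newest IPsec SA uses {f["newest"]}')
```

On a live gateway the same function can be fed the text of `ipsec whack --status` instead of the embedded sample.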
All times are GMT -5.