I have a vpn between a Lucent Brick 201 and a linux box (Suse 7.1) using
FreeS/WAN 1.8. When I start (or restart) the vpn from the linux box, it
works for a while, but eventually (seemingly randomly in interval) stops
passing packets. After the link goes down, when packets from the Lucent
Brick 201 hit the linux box, I see the following errors:
May 30 15:01:38 stu Pluto[21179]: "mdel" #26: responding to Main Mode
May 30 15:01:38 stu Pluto[21179]: "mdel" #26: only OAKLEY_GROUP_MODP1024 and
OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 30 15:01:38 stu Pluto[21179]: "mdel" #26: only OAKLEY_GROUP_MODP1024 and
OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 30 15:01:38 stu Pluto[21179]: "del" #26: OAKLEY_DES_CBC is not
supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
May 30 15:01:38 stu Pluto[21179]: "del" #26: OAKLEY_DES_CBC is not
supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
May 30 15:01:38 stu Pluto[21179]: "del" #26: no acceptable Oakley Transform
Am I correct in thinking that my machine (stu) now sees the Lucent Brick 201
box as only offering DES? I have the person responsible for the Lucent
Brick device looking at the configuration and checking to see if they can
completely turn off support for DES (at least for the connection to me).
I have played with the ipsec.conf on the linux box, and searched through the
mailing lists, but have not found a solution on my own. (I've been leery of
upgrading freeswan unless have I a reason to think that would fix the
problem as I have other VPNs and services running on the linux machine.)
Any help would be appreciated.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:08 CEST