Re: IPsec: problems after upgrade 4.8 to 4.9

• Previous message: Luigi Rizzo: "Re: Looking for switch recommendations ..."
• In reply to: Helge Oldach: "Re: IPsec: problems after upgrade 4.8 to 4.9"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 26 Mar 2004 22:36:04 +0100
To: FreeBSD Net <freebsd-net@freebsd.org>

On Mon, Mar 22, 2004 at 08:21:35AM +0100, Helge Oldach wrote:

> > (*) ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group:
> >DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP
> >group

> > dh_group 2;
> Try changing the last line to
> > dh_group 5;

Hi,

wow, that works again! Thx alot!

However, I still have two error lines in my logs:

        INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Identity Prot ection mode.
        ERROR: ipsec_doi.c:1318:get_transform(): Only a single transform payload is allowed during phase 1 processing.
        INFO: isakmp.c:2412:log_ph1established(): ISAKMP-SA established 192.168.11.1[500]-192.168.11.10[500] spi:0d9434c7440e72ce:751d06200476bf1a
        INFO: isakmp.c:1049:isakmp_ph2begin_r(): respond new phase 2 negotiation: 192.168.11.1[0]<=>192.168.11.10[0]
        ERROR: proposal.c:496:cmpsatrns(): authtype mismatched: my: 2 peer:1

Can anyone tell me the cause of this?

Thx in advance.

/Holger

-- 
++ GnuPG Key -> http://www.t-online.de/~holger.eitzenberger ++
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Luigi Rizzo: "Re: Looking for switch recommendations ..."
• In reply to: Helge Oldach: "Re: IPsec: problems after upgrade 4.8 to 4.9"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]