IPsec: problems after upgrade 4.8 to 4.9

JINMEI Tatuya /神明達哉 jinmei at isl.rdc.toshiba.co.jp
Sun Mar 21 19:28:24 PST 2004


>>>>> On Fri, 19 Mar 2004 23:06:38 +0100, 
>>>>> "Holger Eitzenberger" <Holger.Eitzenberger at t-online.de> said:

> I was successfully running FBSD 4.8 with X509 certificate VPN.
> After installation of FBSD 4.9 I get the following error messages:

> 	isakmp.c:899:isakmp_ph1begin_r(): begin Identity Protection mode.
> 	ERROR: ipsec_doi.c:1318:get_transform(): Only a single transform payload is allowed during phase 1 processing.
> 	(*) ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP group
> 	ERROR: ipsec_doi.c:243:get_ph1approval(): no suitable proposal found.
> 	ERROR: isakmp_ident.c:782:ident_r1recv(): failed to get valid proposal.
> 	ERROR: isakmp.c:913:isakmp_ph1begin_r(): failed to process packet.  

> The connecting peer is a Linux box (FreeSwan 1.99).

> Line (*) looks suspicious to me.  Is there some persistent data
> between two VPN "sessions", which is now missing on one side of
> the link after installation?

If you don't mind, could you ask the question at racoon at kame.net
please?  Right now the primary developer of racoon (it's not me, BTW)
is too busy to answer questions, but there are other experts who may
be able to help you at the mailing list.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei at isl.rdc.toshiba.co.jp


More information about the freebsd-net mailing list