Your message dated Sun, 17 Apr 2016 14:33:52 +0200 with message-id <[email protected]> and subject line Re: Bug#821286: Acknowledgement (strongswan: Cannot create ipsec tunnel after upgrade to 5.4) has caused the Debian Bug report #821286, regarding strongswan: Cannot create ipsec tunnel after upgrade to 5.4 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 821286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821286 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: strongswan Version: 5.4.0-1 Severity: normal Dear Maintainer, I have used strongswan to create an ipsec tunnel for a VPN connection to my company. After stronswan was upgraded to 5.4 the formerly working configuration does not longer work. I get the following message: initiating Main Mode IKE_SA vpn-metromec[1] to xxx.xxx.xxx.xxx generating ID_PROT request 0 [ SA V V V V ] sending packet: from 192.168.0.12[500] to xxx.xxx.xxx.xxx[500] (212 bytes) received packet: from xxx.xxx.xxx.xxx[500] to 192.168.0.12[500] (248 bytes) parsed ID_PROT response 0 [ SA V V V V V V V V V ] received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03 received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57 received draft-ietf-ipsec-nat-t-ike-02 vendor ID received draft-ietf-ipsec-nat-t-ike-02\n vendor ID received draft-ietf-ipsec-nat-t-ike-03 vendor ID received NAT-T (RFC 3947) vendor ID received XAuth vendor ID received DPD vendor ID received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57 generating ID_PROT request 0 [ KE No NAT-D NAT-D ] sending packet: from 192.168.0.12[500] to xxx.xxx.xxx.xxx[500] (236 bytes) received packet: from xxx.xxx.xxx.xxx[500] to 192.168.0.12[500] (220 bytes) parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] local host is behind NAT, sending keep alives generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] sending packet: from 192.168.0.12[4500] to xxx.xxx.xxx.xxx[4500] (92 bytes) received packet: from xxx.xxx.xxx.xxx[500] to 192.168.0.12[500] (220 bytes) received retransmit of response with ID 0, but next request already sent received packet: from xxx.xxx.xxx.xxx[4500] to 192.168.0.12[4500] (60 bytes) parsed ID_PROT response 0 [ ID HASH ] IKE_SA vpn-metromec[1] established between 192.168.0.12[192.168.0.12]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] scheduling reauthentication in 27872s maximum IKE_SA lifetime 28412s generating QUICK_MODE request 221974855 [ HASH SA No ID ID NAT-OA NAT-OA ] sending packet: from 192.168.0.12[4500] to xxx.xxx.xxx.xxx[4500] (220 bytes) received packet: from xxx.xxx.xxx.xxx[4500] to 192.168.0.12[4500] (116 bytes) parsed INFORMATIONAL_V1 request 503827175 [ HASH N(NO_PROP) ] received NO_PROPOSAL_CHOSEN error notify establishing connection 'vpn-metromec' failed My ipsec.conf says: conn vpn-metromec authby=secret rekey=yes keyingtries=3 dpdaction=restart ikelifetime=8h keylife=1h keyexchange=ikev1 ike=3des-md5-modp1024 type=transport left=192.168.0.12 leftsubnet=192.168.0.12[udp/1701] right=xxx.xxx.xxx.xxx rightsubnet=xxx.xxx.xxx.xxx[udp/1701] auto=add -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.5.0-1-amd64 (SMP w/12 CPU cores) Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages strongswan depends on: ii strongswan-charon 5.4.0-1 ii strongswan-starter 5.4.0-1 strongswan recommends no packages. strongswan suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Adding esp=3des-md5 fixed to problem. -- ("`-''-/").___..--''"`-._ `o_ o ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' .' (il).-'' (li).' ((!.-' Andreas Tscharner [email protected] ICQ-No. 14356454
signature.asc
Description: OpenPGP digital signature
--- End Message ---
