Dear all,
There is a big issue with an Android phone connecting to Libreswan deployed on
Ubuntu 18.04, which is hosted on AWS EC2, recently. But the connection was
successful before August 2022. Neither Xauth-PSK nor L2TP/IPSec PSK works. I
can't find the right answer in the troubleshooting blogs online.
Can anyone help answer how to fix this problem, please?
The auth.log follows:
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: responding to Main Mode from unknown peer 223.104.68.17:56380
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_384 PRF in FIPS mode (24 bytes required)
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_384, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_512 PRF in FIPS mode (32 bytes required)
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_512, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_SHA1, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (256), HMAC_MD5, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_512 PRF in FIPS mode (32 bytes required)
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA2_512, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: WARNING: connection xauth-psk PSK length of 20 bytes is too short for HMAC_SHA2_384 PRF in FIPS mode (24 bytes required)
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA2_384, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA2_256, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_SHA1, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [AES_CBC (128), HMAC_MD5, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [3DES_CBC (192), HMAC_SHA2_256, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: Oakley Transform [3DES_CBC (192), HMAC_MD5, MODP1024] refused
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: OAKLEY_DES_CBC(UNUSED) is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: message repeated 2 times: [ "xauth-psk"[1] 223.104.68.17 #1: OAKLEY_DES_CBC(UNUSED) is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM]
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: no acceptable Oakley Transform
Dec 7 09:24:12 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: sending notification NO_PROPOSAL_CHOSEN to 223.104.68.17:56380
Dec 7 09:24:15 ip-172-31-6-48 pluto[3269]: "xauth-psk"[1] 223.104.68.17 #1: discarding initial packet; already STATE_MAIN_R0
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan