On Wednesday 28 March 2012 11:51 PM, eric_c_john...@dell.com wrote:
Hi.
I have a situation where ESP packets appear to be getting mangled on
the remote peer whenever I use SHA2-256-128 for Phase2 (ESP). I can
establish the SAs from the Strongswan to the remote peer no problem.
However, I get no packets returned after establishing the tunnel.
The problem I am seeing is specific to this algorithm as I can get
SHA1 working without any issue. I can also get SHA2_256_128 to work
for P1 negotiations as well.
What I am trying to find out is if there is any additional logging
that I can enable on the Strongswan host

Did you have a chance to check:
http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration

Regards,
Gowri Shankar

that could shed some light as to what is being mangled. I am
reversing the test to initiate from the remote peer thinking the
logging on Strongswan can help me understand what is wrong with the
ESP packets being sent. I've confirmed via traces that the peer sends
the ESP packet to the Strongswan host but the logging doesn't show any
indication that it received the packet. All I see are the regular DPD
log entries. When I decrypt the trace using wireshark the packets are
not being interpreted correctly. They should be IPv6 packets with an
attempt to establish an ftp session. But wireshark interprets them as
IPv4 packets (???) with a bogus IP length.
Can anybody help?
Thanks in advance.
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users