Date: Mon, 22 Mar 2004 12:28:20 +0900
From: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
To: "Holger Eitzenberger" <Holger.Eitzenberger@t-online.de>
Cc: freebsd-net@freebsd.org
Subject: Re: IPsec: problems after upgrade 4.8 to 4.9
Message-ID: <y7vk71dd0h7.wl@ocean.jinmei.org>
In-Reply-To: <20040319230638.A25674@eitzenberger.name>
References: <20040319230638.A25674@eitzenberger.name>

>>>>> On Fri, 19 Mar 2004 23:06:38 +0100,
>>>>> "Holger Eitzenberger" <Holger.Eitzenberger@t-online.de> said:

> I was successfully running FBSD 4.8 with X509 certificate VPN.
> After installation of FBSD 4.9 I get the following error messages:

> isakmp.c:899:isakmp_ph1begin_r(): begin Identity Protection mode.
> ERROR: ipsec_doi.c:1318:get_transform(): Only a single transform payload is allowed during phase 1 processing.
> (*) ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP group
> ERROR: ipsec_doi.c:243:get_ph1approval(): no suitable proposal found.
> ERROR: isakmp_ident.c:782:ident_r1recv(): failed to get valid proposal.
> ERROR: isakmp.c:913:isakmp_ph1begin_r(): failed to process packet.

> The connecting peer is a Linux box (FreeSwan 1.99).

> Line (*) looks suspicious to me.  Is there some persistent data
> between two VPN "sessions", which is now missing on one side of
> the link after installation?

If you don't mind, could you ask the question at racoon@kame.net
please?  Right now the primary developer of racoon (it's not me, BTW)
is too busy to answer questions, but there are other experts who may
be able to help you at the mailing list.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp