From: Holger.Eitzenberger@t-online.de (Holger Eitzenberger)
To: FreeBSD Net
Date: Fri, 26 Mar 2004 22:36:04 +0100
Subject: Re: IPsec: problems after upgrade 4.8 to 4.9
Message-ID: <20040326223604.A2235@eitzenberger.name>
References: <20040319230638.A25674@eitzenberger.name> <200403220721.IAA27512@galaxy.hbg.de.ao-srv.com>

On Mon, Mar 22, 2004 at 08:21:35AM +0100, Helge Oldach wrote:
> > (*) ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group:
> > DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP
> > group
> >     dh_group 2;
> Try changing the last line to
>
>     dh_group 5;

Hi,

wow, that works again! Thx a lot!

However, I still have two error lines in my logs:

INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Identity Protection mode.
ERROR: ipsec_doi.c:1318:get_transform(): Only a single transform payload is allowed during phase 1 processing.
INFO: isakmp.c:2412:log_ph1established(): ISAKMP-SA established 192.168.11.1[500]-192.168.11.10[500] spi:0d9434c7440e72ce:751d06200476bf1a
INFO: isakmp.c:1049:isakmp_ph2begin_r(): respond new phase 2 negotiation: 192.168.11.1[0]<=>192.168.11.10[0]
ERROR: proposal.c:496:cmpsatrns(): authtype mismatched: my: 2 peer:1

Can anyone tell me the cause of this? Thx in advance.

/Holger

-- 
++ GnuPG Key -> http://www.t-online.de/~holger.eitzenberger ++
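
Added example, not part of the original message and not racoon code: a small triage script that reads racoon log lines in the layout shown above, tracks whether the negotiation is in phase 1 or phase 2, and turns the mismatch errors into readable diagnoses. The function name `triage` is hypothetical; it assumes the numeric `authtype` values are the Authentication Algorithm attribute values of the IPsec DOI (RFC 2407) and that `DB`/`my` denote the local side.

```python
import re

# Assumption: authtype numbers are IPsec DOI Authentication Algorithm values (RFC 2407, 4.5).
AUTH_ALGS = {1: "HMAC-MD5", 2: "HMAC-SHA", 3: "DES-MAC", 4: "KPDK"}
# Layout seen in the post: LEVEL: file.c:line:function(): message
LINE_RE = re.compile(r"(?P<level>[A-Z]+): (?P<file>[\w.]+):(?P<line>\d+):"
                     r"(?P<func>\w+)\(\): (?P<msg>.*)$")
AUTH_RE = re.compile(r"authtype mismatched: my:\s*(\d+) peer:\s*(\d+)")
DH_RE = re.compile(r"rejected dh_group: .* = (.+):(.+)$")  # "DB(..):Peer(..) = a:b"
PHASE_RE = re.compile(r"ph([12])")

# Log lines from the thread; the dh_group line is re-joined from the quoted reply.
SAMPLE = """\
ERROR: ipsec_doi.c:440:print_ph1mismatched(): rejected dh_group: DB(prop#1:trns#1):Peer(prop#0:trns#0) = 1024-bit MODP group:1536-bit MODP group
INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Identity Protection mode.
ERROR: ipsec_doi.c:1318:get_transform(): Only a single transform payload is allowed during phase 1 processing.
INFO: isakmp.c:2412:log_ph1established(): ISAKMP-SA established 192.168.11.1[500]-192.168.11.10[500] spi:0d9434c7440e72ce:751d06200476bf1a
INFO: isakmp.c:1049:isakmp_ph2begin_r(): respond new phase 2 negotiation: 192.168.11.1[0]<=>192.168.11.10[0]
ERROR: proposal.c:496:cmpsatrns(): authtype mismatched: my: 2 peer:1
"""

def triage(text):
    """Return (phase, function, diagnosis) for every ERROR line in a racoon log."""
    phase, findings = None, []
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # not a racoon log line
        p = PHASE_RE.search(m["func"])
        if p:
            phase = int(p.group(1))  # function names carry ph1/ph2; keep the latest
        if m["level"] != "ERROR":
            continue
        msg, diag = m["msg"], m["msg"]  # default: pass the message through unchanged
        if (a := AUTH_RE.search(msg)):
            mine, peer = (AUTH_ALGS.get(int(v), f"unknown({v})") for v in a.groups())
            diag = f"authentication algorithm differs: local {mine}, peer {peer}"
        elif (d := DH_RE.search(msg)):
            diag = f"DH group differs: local {d.group(1)}, peer {d.group(2)}"
        findings.append((phase, m["func"], diag))
    return findings

if __name__ == "__main__":
    for phase, func, diag in triage(SAMPLE):
        print(f"phase {phase} [{func}]: {diag}")
```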