Re: [Openswan Users] Re: [Users] connection between isampd and ipsec on linux and this error: "ignoring informational payload, type NO_PROPOSAL_CHOSEN"

From: Michael Richardson <mcr(at)sandelman.ottawa.on.ca>
Date: Sun Feb 15 2004 - 11:53:39 EST

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Paul" == Paul Wouters  writes:

>> Jan 21 16:45:41 vpn-gate pluto[7467]: "testing-sub" #1: ignoring
>> informational payload, type NO_PROPOSAL_CHOSEN

    Paul> This means both parties have no proposal in common. Usually this
    Paul> means one side only wants to do X.509 certificates and the other
    Paul> side only wants to do raw RSA keys, or it means they cannot agree

  Actually, "X.509" and "raw RSA" are just ways to authenticate the public key - but are in fact "RSA Signature" mode. (Unless it is a DSA certificate, I guess)

    Paul> on a certain algorith/cipher. Common is offering only 1DES to a
    Paul> FreeS/WAN machine, which refuses to talk 1DES because it is trivial
    Paul> to brute-force.

  1DES is a typical reason.

  I think that there should be more logging, but on the side involved, where we get no proposal chosen notify, that's as much as we can know.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] 
mcr(at)xelerance.com      
http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQC+kEYqHRg3pndX9AQE9iQP/TtriV4XJOT+Jck0BKSGVHdOZs/DXom0+ IR3p360ppePxUlYdC7IeB6HlkE0czoVKcIjQsh6RDx6vqwBco5rGT+oSrNg8/LFb gI/joMh/9zYO3lxI3GA6wFmKiRmqdn8dW3vF5lTQIw60KNxRaxrfgSMV19SbntnJ 5qwNOQtEaiI=
=p1cO
-----END PGP SIGNATURE-----

---

FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr Received on Sun Feb 15 11:59:44 2004