<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
I get something like this from whack<br>
<br>
000 "XXX": IKE algorithms wanted: BLOWFISH(7)_000-SHA1(2)-2,
flags=strict<br>
000 "XXX": IKE algorithms found: BLOWFISH(7)_128-SHA1(2)_160-2,<br>
000 "XXX": ESP algorithms wanted: AES(12)_000-SHA1(2), flags=strict<br>
000 "XXX": ESP algorithms loaded: AES(12)_000-SHA1(2), flags=strict<br>
<br>
What am I doing wrong?<br>
<br>
<br>
<br>
Peter McGill wrote:
<blockquote cite="mid:3C667879BE8C47A2ABCC66824861493F@peter"
type="cite">
<pre wrap="">Nothing in the information suggests that 256 bit AES is required.
Also esp doesn't allow you to enter a DH group, instead it uses the same
group as phase 1 ike.
I suggest the following changes accordingly, otherwise your conn looks good.
        ike=aes-sha1-modp1024
        esp=aes-sha1
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
</pre>
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:users-bounces@openswan.org">users-bounces@openswan.org</a>
[<a class="moz-txt-link-freetext" href="mailto:users-bounces@openswan.org">mailto:users-bounces@openswan.org</a>] On Behalf Of Magnus Holmberg
Sent: February 18, 2009 2:16 PM
To: <a class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org">Users@openswan.org</a>
Subject: [Openswan Users] Config file Question.
I would like to set up a VPN connection to another server and received the
information that it should be set up like:
Encryption method: IKE
Transforms: ESP
IKE Phase1:
Encryption algorithm: AES
Hash method: SHA1
Diffie-Hellman group: 2 (1024 bits)
IKE key lifetime: 28800sec
IKE Phase2:
Encryption algorithm: AES
Hash method: SHA1
Diffie-Hellman group: 2 (1024 bits)
IPsec key lifetime: 3600sec
Aggressive mode: disabled
Can someone help me with the config here.
I.e., I wonder what the esp= and ike should be set to.
Is this correct:
conn VPN
authby=secret
auto=start
rekey =yes
left=x.x.x.x
leftsubnet=x.x.x.x.192/28
auth = esp
keyexchange=ike
ikelifetime=28800s
keylife=3600s
right=y.y.y.y
rightsubnet=y.y.y/29
ike=aes256-sha1-modp1024
esp=aes256-sha1-modp1024
dpddelay=3
dpdtimeout=120
dpdaction=restart
aggrmode=no
</pre>
</blockquote>
</blockquote>
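<br>
Added example (not part of the original messages and not Openswan code): a small check that parses status lines of the form quoted at the top of this thread and compares each listed proposal with the peer requirements from the original question. The line grammar is inferred from those four lines only, and the names REQUIRED, parse_status and mismatches are hypothetical.<br>

```python
import re

# The four status lines quoted in the message above (wrapped first line rejoined).
SAMPLE = '''\
000 "XXX": IKE algorithms wanted: BLOWFISH(7)_000-SHA1(2)-2, flags=strict
000 "XXX": IKE algorithms found: BLOWFISH(7)_128-SHA1(2)_160-2,
000 "XXX": ESP algorithms wanted: AES(12)_000-SHA1(2), flags=strict
000 "XXX": ESP algorithms loaded: AES(12)_000-SHA1(2), flags=strict
'''

# Peer requirements as listed in the quoted original question.
# The ESP status lines carry no DH group, so none is checked for ESP.
REQUIRED = {
    "IKE": {"cipher": "AES", "hash": "SHA1", "group": "2"},
    "ESP": {"cipher": "AES", "hash": "SHA1"},
}

# Line and proposal grammar inferred from the sample only (an assumption).
LINE = re.compile(r'^\d{3} "([^"]+)": (IKE|ESP) algorithms (wanted|found|loaded): (.*)$')
PROPOSAL = re.compile(r'([A-Z0-9]+)\(\d+\)_(\d+)-([A-Z0-9]+)\(\d+\)(?:_\d+)?(?:-(\d+))?')
FIELDS = ("cipher", "keylen", "hash", "group")

def parse_status(text):
    """Return {(conn, phase, state): [(cipher, keylen, hash, group), ...]}."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            conn, phase, state, rest = m.groups()
            out[(conn, phase, state)] = PROPOSAL.findall(rest)
    return out

def mismatches(text, required=REQUIRED):
    """List (conn, phase, state, {field: value seen}) for every deviation."""
    problems = []
    for (conn, phase, state), proposals in sorted(parse_status(text).items()):
        want = required[phase]
        for proposal in proposals:
            got = dict(zip(FIELDS, proposal))
            bad = {k: got[k] for k in want if got[k] != want[k]}
            if bad:
                problems.append((conn, phase, state, bad))
    return problems

if __name__ == "__main__":
    for problem in mismatches(SAMPLE):
        print(problem)
```

On the quoted output it reports both IKE lines, which list BLOWFISH where the requirement sheet names AES, and reports nothing for the ESP lines.<br>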
</body>
</html>