<div dir="ltr">Hi all,<div><br></div><div>I am trying to establish a vpn tunnel with</div><div><br></div><div>ike=aes256-sha2_512;modp1536</div><div><br></div><div>but am getting:</div><div><br></div><div><div>| proposal 1 succeeded encr= (policy:aes-cbc vs offered:aes-cbc)</div>
<div>| failed integ=(policy:auth-none vs offered:AUTH_HMAC_SHA2_512_256)</div><div>| failed prf= (policy:(null) vs offered:prf-hmac-sha2-512)</div><div>| succeeded dh= (policy:OAKLEY_GROUP_MODP1536 vs offered:OAKLEY_GROUP_MODP1536)</div>
</div><div><br></div><div>if i try with</div><div><br></div><div>ike=aes256-sha2_256;modp1536<br></div><div><br></div><div>failed integ & failed prf fail "successfully" (they show up correctly in the log but check fails due to them being different from sha2_512 which is requested by other gateway)</div>
<div><br></div><div>would work with sha2_384 (accepted by other gateway) but ipsec auto --status does not list it and if i try pluto segfaults with "oakley_alg_makedb() ike hash halg=5 not present" (sha2_384 would be halg id 5 i guess)</div>
<div><br></div><div>any ideas ????<br></div></div>