[Openswan dev] Freeswan-1.99 patch: SHA first, interop with
interop note broken Checkpoint VPN-1
Paul Wouters
paul at xelerance.com
Wed May 12 14:16:34 CEST 2004
On Tue, 11 May 2004 matt-openswan-dev at kindjal.net wrote:
> Sanitized log attached, made with plutodebug=all.
Thanks!
> The symptom you describe is exactly the one that I had. The patch
> worked for me.
I double checked, and found that the patch didn't work for me because I
needed to manually load the other ipsec algo module. Once I did that,
your patch indeed worked.
Since my VPN server runs Openswan-1, I could just specify:
esp=3des-sha1-96
and your patch wasn't actually required. Support for this in Openswan-2
is being worked on. Current releases do not have it yet, but partially
merged code is in cvs HEAD.
Openswan-2 (HEAD) should also support autoloading the alg modules, so in
the near future, everyone connecting to Checkpoint with Openswan-2 should
just need to add the above line in their connection to interop with the
broken Checkpoint implementation.
Paul
More information about the Dev
mailing list