[Openswan Users] IOS Cisco - bug

Ken Bantoft ken at xelerance.com
Wed Feb 11 15:59:52 CET 2004

Hash: SHA1

On Wed, 11 Feb 2004, David Prestwich wrote:

> Hello all,
> I am using an outdated freeswan 1.95 that works great but doesn't have 
> all the functionality that the newer versions have.  (I plan on 
> upgrading just need the time and resources).  I've ran into a little 
> snag with a cisco IOS version 12.2 this past week and I know that it is 
> a fault in the way it runs their proposal.  In essence, freeswan sends 
> out all the proposals as it should yet IOS fails on the first proposal 
> of 3DES because the domain admin on the other side has set the 
> configuration to DES.  I asked if he would switch this to 3DES but he 
> states he can't until he does an upgrade on their side to allow 3DES.  
> During the connection the SA is established but no proposal is chosen 
> because their side does not want to get set to 3DES.  I can use DES on 
> my 1.95 version and am using it currently with several sites.  My 
> question is:  (and I'm pretty sure I know the answer) can I set 1.95 to 
> tell it which level of encryption to use?  I know in the newer version 
> you can define say DES or 3DES but can you do this with the older ones?  
> I don't think that you can.  Any feedback would be great.  Thanks.

Single DES is not supported in any version of FreeS/WAN, and won't be.

Openswan 1.0.0 has some support for it - it's disabled by default so you 
need to turn it on at compile time.

You were right to ask them to upgrade - 1DES is considered insecure by 
today's standards.

- -- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson

Version: GnuPG v1.0.7 (GNU/Linux)


More information about the Users mailing list