[Openswan Users] IKE and SHA2

[Maxim Tyurin]

"Tiago Freitas Leal" <tfl at netcabo.pt> writes:

I am sorry for my bad English (it not my native language) but I hope
that you will understand me :)

> "Maxim Tyurin" <mrkooll at tdr.pibhe.com> writes:
>> "Tiago Freitas Leal" <tfl at netcabo.pt> writes:
>>
>> > On SuperFreeS/WAN 1.99.8 when using
>> >
>> > ike=<enc>-sha2_256 or ike=<enc>-sha2_512
>> >
>> > ipsec auto --status and ipsec whack --status fail to execute until the
> last connection. They end ("crash") with the first connection description
> that uses sha2.
>> >
>> > MOST IMPORTANT - pluto restarts.
>> >
>> > Is it fixed in OpenSwan?
>>
>> Its work in super freeswan 1.99.8
>>
>> I use ike=twofish128-sha2_512
>
> I was using aes and 3des. I tried twofish and got the same result.

3des I don't use because its very slow. 
aes I don't use as there were problems with link with freeswan from debian woody.

>
> The tunnel works all right. The problem is I can't "ipsec auto --status".
> Can you?

For me ipsec auto - status works normal and connection and pluto does
not fall. 

In attachments a configuration from one of my routers and output of
ipsec auto --status command.

In main I use ALTLinux on my IPsec gateways
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf.gz
Type: application/x-gzip
Size: 1303 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040325/03ce8265/ipsec.conf.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.status.gz
Type: application/x-gzip
Size: 2166 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040325/03ce8265/ipsec.status.bin
-------------- next part --------------
-- 

With Best Regards, Maxim Tyurin
JID:	MrKooll at jabber.pibhe.com