[Openswan Users] DH Group 1 in 2.2.x?
Nate Carlson
natecars at natecarlson.com
Mon Oct 25 12:23:51 CEST 2004
Hey all,
I'm helping a customer out with a migration from an old VPN concentrator
to a new one, and am running into a bit of an issue. We're going from SFS
to Openswan 2.2.0. Unfortunately, they have some links set up that are
using DH Group 1, which isn't supported in 2.2.0. I'm trying to see if we
can get the remote ends set up to support DH Group 2, but if not, is it
possible to get DH Group 1 supported in 2.2.0?
Looking at the source, it looks like it may just be commented out:
programs/pluto/crypto.c:
#if 0 /* modp768 not sufficiently strong */
modp768_modulus,
#endif
#if 0 /* modp768 not sufficiently strong */
|| mpz_init_set_str(&modp768_modulus, MODP768_MODULUS, 16) != 0
#endif
#if 0 /* modp768 not sufficiently strong */
{ OAKLEY_GROUP_MODP768, &modp768_modulus, BYTES_FOR_BITS(768) },
#endif
Would removing the "#if 0"'s get it working, or are there other parts of
the code that aren't in place?
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
More information about the Users
mailing list