[Openswan Users] config problem

Paul Wouters paul at xelerance.com
Mon Aug 29 18:02:17 CEST 2005


On Mon, 29 Aug 2005, Szentmarjay Tibor wrote:

> "now phase 2 parameters are wrong. The following should be set:
>
> Security association lifetime: 3600 seconds
> PFS (Y/N): Y
> DH group:  group5
> Transform set: esp-3des esp-sha-hmac"
>
> What shall I write to the config?
>
> Now the config is:
> conn vodafone
>    left=195.70.36.112
>    leftsubnet=195.70.36.0/24
>    leftnexthop=%defaultroute
>    right=80.244.96.229
>    rightsubnet=80.244.96.0/24
>    rightnexthop=%defaultroute
>    keyingtries=0
>    pfs=yes
>    auth=esp                    # vagy ah
>    auto=start
>    ike=3des-md5-modp1024
>    esp=3des-md5

Change the md5 entries to sha, and the modp entry to 1536

Paul


More information about the Users mailing list