[Openswan Users] Using 1DES :(

Paul Wouters paul at xelerance.com
Tue Aug 30 19:16:08 CEST 2005


On Tue, 30 Aug 2005, Rajkumar S wrote:

> I am writing to this list after wracking my brain for past 36 hours :(
>
> My objective is to connect a linux box to a pix vpn. The pix can only
> support DES. So I downloaded super-freeswan-1.99.8 and compiled it with
> linux-2.4.21.

I'd recommend using openswan-2, or at the very least openswan-1. openswan-1
is based off superfreeswan and has a few security fixes.

1DES is not enabled or compiled in per default. For openswan-2, this is
changable by setting the USE_WEAKSTUFF=true in Makefile.inc.

I don't have access to an openswan-1 tree currently to see if it uses
the same variable.

Paul


More information about the Users mailing list