[Openswan Users] OpenSwan 2.3.1 implements AES on Phase 1?

Paul Wouters paul at xelerance.com
Fri Jul 15 23:02:38 CEST 2005


On Fri, 15 Jul 2005, Cassio Bobsin Machado wrote:

> I'm trying to connect with a CiscoPIX that requires AES-256, SHA1,
> DHG2 for Phase 1 and, after some log analisys, I've reached a problem.
>
> When preparing ISAKMP Proposal, OpenSwan does not try to make any
> combination with AES, only tries with 3DES for encryption.
>
> I couldn't find in any documentation from OpenSwan (they're a bit
> confusing, mixing old FreeSwan info) that covers this issue.
>
> I tried to force with parameters like "ike=aes" or a dozen of other
> variations but, when I try any of these, it simply does not parse
> IPSEC.CONF.

Can you try using ike=aes256 and tell me if that fixes your problem?

Paul


More information about the Users mailing list