[Openswan Users] AES-256 SHA1 Group2
Cassio Bobsin Machado
cassiobm at gmail.com
Sat Jul 23 21:53:49 CEST 2005
I'm almost done with that VPN with a CiscoPIX that wants "AES-256 SHA1
Group2" for IKE. (now I'm running RHEL4 with OpenSwan 2.3.1)
I've got the same problem that this thread from March/05 but,
unfortunately, the solution was not posted to the list.
http://lists.openswan.org/pipermail/users/2005-March/004173.html
http://lists.openswan.org/pipermail/users/2005-March/004180.html
IPSec status shows this...
000 "tim": IKE algorithms wanted: 7_256-2-2, flags=-strict
000 "tim": IKE algorithms found: 7_256-2_160-2,
So, comparing each other...
wanted found
AES 7_256 7_256 -> AES256 ok!
SHA1 2 2_160 -> SHA1 <<<<<
DH2 2 2 -> DH2-1024 ok!
What is wrong here? Aren't they the same?
My IPSEC.CONF lines looks like this...
ike=aes256-sha-modp1024
esp=aes256-sha1
(I also tried ike=aes256-sha1-modp1024 and some other combinations)
My configuration is OpenSwan 2.3.1 on RHEL4, using default Netkey. I
already have another VPN running, but this one uses 3DES-MD5.
Best Regards,
Cassio Bobsin Machado
More information about the Users
mailing list