[Openswan Users] AES-256 SHA1 Group2

Cassio Bobsin Machado cassiobm at gmail.com
Sat Jul 23 21:53:49 CEST 2005

I'm almost done with that VPN with a CiscoPIX that wants "AES-256 SHA1
Group2" for IKE. (now I'm running RHEL4 with OpenSwan 2.3.1)

I've got the same problem that this thread from March/05 but,
unfortunately, the solution was not posted to the list.

IPSec status shows this...
000 "tim":   IKE algorithms wanted: 7_256-2-2, flags=-strict
000 "tim":   IKE algorithms found:  7_256-2_160-2, 

So, comparing each other...
            wanted    found 
AES      7_256     7_256    -> AES256 ok!
SHA1        2        2_160    -> SHA1 <<<<<
DH2          2            2        -> DH2-1024 ok!

What is wrong here? Aren't they the same?

My IPSEC.CONF lines looks like this...
(I also tried ike=aes256-sha1-modp1024 and some other combinations)

My configuration is OpenSwan 2.3.1 on RHEL4, using default Netkey. I
already have another VPN running, but this one uses 3DES-MD5.

Best Regards,

Cassio Bobsin Machado

More information about the Users mailing list