[Openswan Users] Simple question: What are possible values for esp= in ipsec.conf?

Tibor Incze tibor.incze at eservglobal.com
Thu Jun 9 00:54:38 CEST 2005


What are all the possible values for the esp= in ipsec.conf? (I rtfm-ed
and rtf-wiki-ed, but couldn't find a concise page :)) man linux_spi lists
only 3des-sha1-96 and 3des-md5-96, but I know there are others (aes for
example) that are supported, right?
Anyways, this goes back to my previous question on getting an Openswan to
connect to a Netscreen using aggressive mode (which I'm still working on
figuring out/waiting for an answer on..). It seems that my problem is with
the phase2 proposal side of things. Netscreen supports all sorts of
algorithms, but I've chosen to go with 3Des-Sha. I've specified this in
the openswan client as:
esp=3des-sha1

Also tried:
esp=3des-sha1-96
No matter which I put in, it's the same as leaving this option out. I get
nondescriptive errors:
malformed payload in packet
003 "esg_rwvpn" #1: next payload type of ISAKMP Hash Payload has an unknown value:<random number here>
So what does the last digit (96 above) specify? BTW, I'm using PFS and DH
group2. Does openswan support both of those? Thanks!
--Tibor



