[Openswan Users] Just two questions

[Paul Wouters]

On Wed, 23 Mar 2005, Hugo Mora wrote:

> - I've seen in some appliance products (like astaro) that the user can
> select: encryption algorithm,  authentication algorithm,  IKE DH Group
> (for ISAKMP phase). How can I set these algorithms with Openswan? I
> cant see that parameters on ipsec.conf documentation...
> I would like to use automatic keying.

see the options for:

esp=
ike=
pfsgroup=

eg: ike=3des-sha1-modp1524

> - If I create one secondary IP on an interface (with iproute), I can't
> create an IPSEC connection with this new IP. The error reported is "We
> cannot identify ourselves with either end of this connection". I think
> ipsec only see the first address. Why I can do that? Is so strange to
> do it?

Currently, onlt the old 'ip aliases' are supported, so if you use
'ifconfig eth0:2 a.b.c.d', then Pluto will recognise them.

Paul
-- 

As time passes hardware approaches the effectiveness of a rock and
the reliability of a crack addict.
5A
                                      --- Naubert's law