[Openswan Users] aggressive mode isakmp and dh2 (MODP1024)
Michael
mjm159 at ext.canterbury.ac.nz
Sun May 8 17:58:09 CEST 2005
Hi,
I'm a newcomer to ipsec on linux. I'm currently trying to prove that
the equipment that the company I work for makes is compatible with linux
freeswan (it does not currently exist on the list of openswan supported
products). Ideally, to impress a few people, I need to get this working
with aggressive mode and xauth (openswan at the client side).
From what I read xauth could be a problem, but I am still trying to
overcome isakmp. My device (the right side) reports that it is unhappy
with the group description (DH 5) and so cannot proceed because the
policy does not match what it is expecting. My right hand side device
does not support DH 5 but it does support DH 2.
I have googled and googled and googled again on this. I cannot find a
way to set DH 2 to be the first choice of the ipsec client. Perhaps I
am missing some fundamental piece of knowledge. I would appreciate
someone setting me straight!
Debian Linux with 2.6.8-2-686
Linux Openswan U2.3.1/K2.6.8-2-686 (netkey)
/etc/ipsec.conf
# basic configuration
config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=all
        # plutodebug="control parsing"
        plutodebug=all

# Add connections here
conn test
        left=10.10.10.1
        leftsubnet=10.10.10.0/29
        leftnexthop=10.10.10.2
        leftid=@test_roam_usr
        right=10.10.10.2
        rightsubnet=10.10.10.0/29
        rightnexthop=10.10.10.1
        aggrmode=yes
        ike=3des-sha1
        xauth=yes
        authby=secret
        auto=start
/etc/ipsec.secrets
10.10.10.1 10.10.10.2: PSK "0xfk7fb35663a9fe857451d5bad9518fb74a4b67d1"
: RSA {
# RSA 1024 bits michael Sun May 8 15:41:41 2005
blah blah blah
Regards and thanks in advance,
Michael.
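
Added example, not part of the original post and not Openswan code: in aggressive mode the initiator sends its key exchange in the first message, so the DH group cannot be negotiated and has to be pinned in the proposal. This sketch lints ipsec.conf text for aggressive-mode conns whose ike= proposal names no DH group or one the peer lacks. The function names are hypothetical, and the accepted suffix forms (-modp1024, ;modp1024, ;dh2) are an assumption about Openswan's ike= syntax.

```python
import re

# IKEv1 MODP names and their DH group numbers (RFC 2409, RFC 3526).
MODP_TO_GROUP = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14}

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            m = re.match(r"conn\s+(\S+)", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def dh_group_of(proposal):
    """DH group number named at the end of one ike= proposal, else None."""
    m = re.search(r"(?:modp|dh)\d+$", proposal.strip().lower())
    if not m:
        return None
    token = m.group(0)
    return int(token[2:]) if token.startswith("dh") else MODP_TO_GROUP.get(token)

def check_aggressive(text, peer_groups):
    """(conn, proposal, problem) per aggressive-mode proposal the peer would reject."""
    findings = []
    for name, opts in parse_conns(text).items():
        props = opts.get("ike", "").split(",") if opts.get("aggrmode") == "yes" else []
        for prop in map(str.strip, props):
            group = dh_group_of(prop)
            if group is None:
                findings.append((name, prop, "no known DH group pinned"))
            elif group not in peer_groups:
                findings.append((name, prop, f"DH {group} not supported by peer"))
    return findings

# Constructed sample: "test" mirrors the ike= line in the post, "pinned" names DH 2.
SAMPLE = """conn test
    aggrmode=yes
    ike=3des-sha1
conn pinned
    aggrmode=yes
    ike=3des-sha1-modp1024
"""
```

Calling check_aggressive(SAMPLE, peer_groups={2}) flags only the "test" conn, the one with no group in its proposal.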