[Openswan Users] simple DES

Paul Wouters paul at xelerance.com
Tue May 17 19:30:44 CEST 2005


On Tue, 17 May 2005, Markus Feilner wrote:

> for testing purposes I have added an old Cisco Pix 501 to my network. I
> want to set up ipsec tunnels and learn to speak "PIX", as it seems
> necessary for interaction with many customers' VPN peers.
> ;-)
> Now this old PIX has no 3DES Licence. I did not find anything in the
> openswan / ipsec.conf documentation, that could help me how to use
> "simple" des encryption.
> ----/etc/ipsec.conf------
>       esp=aes128-md5,aes128-sha1,3des-md5,3des-sha1
>       ike=aes-md5,aes-sha,3des-md5,3des-sha
> ----------
> What do I have to add/remove to use simple DES? Is it possible? I know
> it's not secure, but it's just for learning purposes!
> Thanks!!!

You need to recompile openswan for 1des support. 1des support is completely
insecure and should not be used. For those ignorning this, they can enable 1des
in Makefile.inc by setting USE_WEAKSTUFF to true.

Then use esp=des

Paul


More information about the Users mailing list