[Openswan Users] Ipsec newbie - trying to connect to sonicwall

Yannick Warnier ywarnier at beeznest.org
Thu May 19 01:40:20 CEST 2005


On Tuesday, 17 May 2005 at 18:28 +0200, Paul Wouters wrote:
> On Tue, 17 May 2005, Yannick Warnier wrote:
> 
> > I am trying to set up an OpenSwan config to connect to a SonicWall server
> > but I am having a lot of problems. I'll try to state things as clearly
> > as I can, in addition to putting the "barf" output below.
> >
> > Basically, the SonicWall is configured so that I can connect to it
> > through the Windows SonicWall client.
> 
> > 	esp=des-hmac_md5
> 
> > 	ike=des-sha1
> 
> > The SonicWall configuration uses
> > Phase 1: Group 2 - des - sha1
> > Phase 2: Group 2 = des - hmac_md5
> 
> > May 17 17:30:23 localhost pluto[14311]: packet from 192.152.172.132:500:
> > ignoring informational payload, type NO_PROPOSAL_CHOSEN
> 
> You need to recompile openswan for 1des support. 1des support is completely
> insecure and should not be used. For those ignoring this, they can enable 1des
> in Makefile.inc by setting USE_WEAKSTUFF to true.

I tried it quickly but got no better result, but I might have messed up
something with my Debian-packaged OpenSwan in the process.

Anyway, I'd like to know if you could point me to some nice
documentation on the topic of 1des >< 3des so I can get an idea of why
it is insecure and change 1des consciously to 3des.

Thank you

Yannick
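
Added example, not part of the original thread: a small check that lists every `ike=`/`esp=` proposal in an Openswan-style `ipsec.conf` that still asks for single DES (56-bit key), while leaving `3des` alone. The function name `find_single_des`, the file layout and the `other-site` conn are assumptions made for illustration; only the `des-sha1` and `des-hmac_md5` values come from the message above.

```python
import re

# Constructed sample in Openswan ipsec.conf layout; the ike=/esp= values of
# the first conn are the ones quoted in the message, the rest is made up.
SAMPLE_CONF = """\
conn sonicwall
	ike=des-sha1
	esp=des-hmac_md5

conn other-site
	ike=3des-sha1;modp1024
	esp=3des-sha1, aes128-sha1

# conn disabled
#	esp=des-md5
"""

def find_single_des(conf_text):
    """Return (conn, key, proposal) for every ike=/esp= proposal using single DES."""
    findings = []
    conn = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():
            # Section header at column 0: "conn <name>" or "config setup".
            parts = line.split()
            conn = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
            continue
        key, sep, value = line.strip().partition("=")
        if not sep or conn is None or key.strip() not in ("ike", "esp"):
            continue
        for proposal in value.strip().strip('"').split(","):
            proposal = proposal.strip()
            # Split "des-hmac_md5" or "3des-sha1;modp1024" into algorithm tokens;
            # "3des" stays one token, so it never matches "des".
            tokens = re.split(r"[-_;]", proposal.lower())
            if "des" in tokens:
                findings.append((conn, key.strip(), proposal))
    return findings

if __name__ == "__main__":
    for conn, key, proposal in find_single_des(SAMPLE_CONF):
        print(f"conn {conn}: {key}={proposal} uses single DES (56-bit key)")
```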


