[Openswan Users] OpenSwan Configuration for Manual Keys

Brian Candler B.Candler at pobox.com
Fri Apr 14 22:20:08 CEST 2006


On Fri, Apr 14, 2006 at 02:38:33PM -0500, Jay Potter wrote:
> "sample" #1: :responding to Main Mode
> "Sample" #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 
> supported.  Attribute OAKLEY_GROUP_DESCRIPTION
> "Sample" #1:  OAKLEY_DES_CBC is not supported.  Attribute 
> OAKLEY_ENCRYPTION _ALGORITHM
> "Sample" #1: sending notification NO_ROPOSAL_CHOSEN to 172.21.210.3:500 

Is this an old and unpatched Windows box? It seems so, as it looks like it
only supports DES and not 3DES. I've never come across such an old box;
maybe you could try something like

  ike=des-md5-modp512,des-sha1-modp512

However it would make more sense to patch the box so that it supports 3DES
and 1024-bit Diffie-Hellman.

Brian.


More information about the Users mailing list