[Openswan Users] OpenSwan Configuration for Manual Keys
Jay Potter
jpotter at science.edu
Fri Apr 14 21:36:45 CEST 2006
Brian,
This is a very new release of Windows XP Professional with Service
Pack 2 installed (marked 2002). (We just got the MSDN subscription from
Microsoft and this version was included - we did not have to install
Service Pack 2 separately.) When we run the MMC it allows us the choice
of either 3des or des / sha1 or md5.
I noticed that when I turned off the IPSec on the XP, the Linux box
accepted packets from the XP even though I had that address filtered.
It's almost like IPSec isn't running. At the same time, any machine
that sends an authentication request (ipsec running) even if it is on a
different address responds that it is authenticating (on a ping).
Jay
Brian Candler wrote:
>On Fri, Apr 14, 2006 at 02:38:33PM -0500, Jay Potter wrote:
>
>
>>"sample" #1: :responding to Main Mode
>>"Sample" #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536
>>supported. Attribute OAKLEY_GROUP_DESCRIPTION
>>"Sample" #1: OAKLEY_DES_CBC is not supported. Attribute
>>OAKLEY_ENCRYPTION_ALGORITHM
>>"Sample" #1: sending notification NO_PROPOSAL_CHOSEN to 172.21.210.3:500
>>
>>
>
>Is this an old and unpatched Windows box? It seems so, as it looks like it
>only supports DES and not 3DES. I've never come across such an old box;
>maybe you could try something like
>
> ike=des-md5-modp512,des-sha1-modp512
>
>However it would make more sense to patch the box so that it supports 3DES
>and 1024-bit Diffie-Hellman.
>
>Brian.
>
>
>
>