[Openswan Users] Re: Please help me to identify problem...
Paul Wouters
paul at xelerance.com
Tue Feb 7 07:35:05 CET 2006
On Tue, 7 Feb 2006, Paul Wouters wrote:
> > conn test_conn
> > aggrmode=yes
> > ike="3DES-MD5-modp1536,3DES-SHA1-modp1536,AES128-SHA1-modp1536"
> > esp="3DES-MD5,3DES-SHA1,AES128-SHA1"
>
> You cannot "negotiate" in Aggressive Mode. You can only specify one option for
> ike= and esp= and it has to be the right one.
Uhm, small correction here. You can have multiple ike= proposals as a responder,
just not as an initiator in aggressive mode. And multiple esp= options is always
okay.
Sorry about that,
Paul
More information about the Users
mailing list