[Openswan Users] config to talk to device with aes, sha, psk
Brendan Simon
Brendan at BrendanSimon.com
Sat Jan 7 15:58:37 CET 2006
Thanks Peter. That's exactly what I wanted, but it still didn't work.
I googled for a while and found the "ipseck whack --status" command. It
seems to suggest that aes256 is not supported or can't be loaded.
000 "host178": ESP algorithms wanted: 12_256-2, flags=-strict
000 "host178": ESP algorithms loaded: 12_256-2, flags=-strict
lsmod reveals that the aes module is loaded.
Module Size Used by
twofish 41600 0
serpent 21760 0
aes 31016 0
blowfish 12096 0
des 13632 0
sha256 10880 0
sha1 8704 0
crypto_null 3616 0
xfrm_user 19684 0
ipcomp 9216 0
esp4 11744 0
ah4 9664 0
md 56756 0
Any idea how to get openswan to use/recognize aes256 ??
Thanks,
Brendan.
Peter McGill wrote:
> Try adding the following three lines to your conn as follows:
> Otherwise your setup looks good from what I can tell.
> the pfs line obviously turns off pfs.
> the ike line is for phase 1
> the esp line is for phase 2
>
> conn host178
> pfs=no
> ike=aes256-sha1
> esp=aes256-sha1
More information about the Users
mailing list