[Openswan Users] config to talk to device with aes, sha, psk
Brendan Simon
Brendan at BrendanSimon.com
Sat Jan 7 17:31:28 CET 2006
Fixed it.
Need to drop the "1" from "sha1" in the ike statement.
ike=aes256-sha
esp=aes256-sha1
Not sure why. Also whack still seems to show sha256. Any ideas why?
Anyhow, it's working :)
Thanks,
Brendan.
Brendan Simon wrote:
> Thanks Peter. That's exactly what I wanted, but it still didn't
> work. I googled for a while and found the "ipsec whack --status"
> command. It seems to suggest that aes256 is not supported or can't be
> loaded.
> 000 "host178": ESP algorithms wanted: 12_256-2, flags=-strict
> 000 "host178": ESP algorithms loaded: 12_256-2, flags=-strict
>
> lsmod reveals that the aes module is loaded.
>
> Module                  Size  Used by
> twofish                41600  0
> serpent                21760  0
> aes                    31016  0
> blowfish               12096  0
> des                    13632  0
> sha256                 10880  0
> sha1                    8704  0
> crypto_null             3616  0
> xfrm_user              19684  0
> ipcomp                  9216  0
> esp4                   11744  0
> ah4                     9664  0
> md                     56756  0
>
> Any idea how to get openswan to use/recognize aes256 ??
>
> Thanks,
> Brendan.
>
>
> Peter McGill wrote:
>> Try adding the following three lines to your conn as follows:
>> Otherwise your setup looks good from what I can tell.
>> the pfs line obviously turns off pfs.
>> the ike line is for phase 1
>> the esp line is for phase 2
>>
>> conn host178
>>     pfs=no
>>     ike=aes256-sha1
>>     esp=aes256-sha1
>
>
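Added example, not part of the original thread or of Openswan: a small decoder for the numeric `ESP algorithms wanted/loaded` lines quoted above, which also reports any wanted proposal that was not loaded. It assumes each entry reads `<ESP transform ID>_<key bits>-<auth algorithm ID>`, based on the quoted lines; the ID tables are subsets of the IANA IPsec registries, and the function names are hypothetical.

```python
import re

# Subset of the IANA "IPSEC ESP Transform Identifiers" registry.
ESP_TRANSFORMS = {2: "DES", 3: "3DES", 7: "BLOWFISH", 11: "NULL", 12: "AES-CBC"}
# Subset of the IANA IPsec DOI "Authentication Algorithm" attribute values.
AUTH_ALGS = {1: "HMAC-MD5", 2: "HMAC-SHA1", 5: "HMAC-SHA2-256"}

# The two status lines quoted in the thread.
SAMPLE = (
    '000 "host178": ESP algorithms wanted: 12_256-2, flags=-strict\n'
    '000 "host178": ESP algorithms loaded: 12_256-2, flags=-strict\n'
)

LINE_RE = re.compile(
    r'^000 "(?P<conn>[^"]+)":\s+ESP algorithms (?P<kind>wanted|loaded): (?P<rest>.*)$'
)
# Assumed entry layout: <transform id>_<key bits>-<auth id>
PROP_RE = re.compile(r"(\d+)_(\d+)-(\d+)")


def decode_proposal(enc_id, keylen, auth_id):
    """Turn numeric IDs into a readable name such as AES-CBC-256/HMAC-SHA1."""
    enc = ESP_TRANSFORMS.get(enc_id, f"unknown({enc_id})")
    auth = AUTH_ALGS.get(auth_id, f"unknown({auth_id})")
    if keylen:  # a key length of 0 means the cipher has a fixed key size
        enc = f"{enc}-{keylen}"
    return f"{enc}/{auth}"


def parse_status(text):
    """Map connection name -> {'wanted': [...], 'loaded': [...]}."""
    conns = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = conns.setdefault(m["conn"], {"wanted": [], "loaded": []})
        for enc, bits, auth in PROP_RE.findall(m["rest"]):
            entry[m["kind"]].append(decode_proposal(int(enc), int(bits), int(auth)))
    return conns


def not_loaded(text):
    """Proposals that were configured (wanted) but are absent from loaded."""
    gaps = {}
    for conn, e in parse_status(text).items():
        missing = [p for p in e["wanted"] if p not in e["loaded"]]
        if missing:
            gaps[conn] = missing
    return gaps
```
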