[Openswan Users] config to talk to device with aes, sha, psk
Brendan Simon
Brendan at BrendanSimon.com
Sun Jan 8 13:16:51 CET 2006
Thanks. I'm pretty sure the device I need to communicate with only
supports sha1 and aes256. All other crypto and hashes have been
disabled. The commercial IPSec stack that is in the embedded device has
some issues and I'm contemplating replacing it with OpenSWAN, probably
with NETKEY rather than KLIPS as I believe NETKEY will probably support
advanced Linux routing (e.g. source based routing and multiple route tables).
Anyway, I'll keep playing and see what happens. Now that I've got
something working, it gives me a base to compare and test other
combinations.
Thanks,
Brendan.
Norman Rasmussen wrote:
> sha1 and sha256 are slightly different. I expect that by dropping the
> '1', you've allowed any sha to be used - you should probably drop the
> esp '1' too, and see if that swaps to the more secure sha256 too. (or
> alternatively make both sha256, and see if that works)
>
> On 1/7/06, Brendan Simon <Brendan at brendansimon.com> wrote:
>
>> Fixed it.
>> Need to drop the "1" from "sha1" in the ike statement.
>>
>> ike=aes256-sha
>> esp=aes256-sha1
>>
>> Not sure why. Also whack still seems to show sha256. Any ideas why?
>> Anyhow, it's working :)
>>
>> Thanks,
>> Brendan.
>>