[Openswan Users] config to talk to device with aes, sha, psk

Brendan Simon Brendan at BrendanSimon.com
Sun Jan 8 13:16:51 CET 2006

Thanks.  I'm pretty sure the device I need to communicate with only 
supports sha1 and aes256.  All other crypto and hashes have been 
disabled.  The commercial IPSec stack that is in the embedded device has 
some issues and I'm contemplating replacing it with OpenSWAN, probably 
with NETKEY rather than KLIPS as I believe NETKEY will probably support 
advanced linux routing (eg. source based routing and multiple route tables).

Anyway, I'll keep playing and see what happens.  Now that I've got 
something working, it gives me a base to compare and test other 


Norman Rasmussen wrote:
> sha1 and sha256 are slightly different.  I expect that by dropping the
> '1', you've allowed any sha to be used - you should probably drop the
> esp '1' too, and see if that swaps to the more secure sha256 too.  (or
> alternativaly make both sha256, and see if that works)
> On 1/7/06, Brendan Simon <Brendan at brendansimon.com> wrote:
>> Fixed it.
>> Need to drop the "1" from "sha1" in the ike statement.
>>     ike=aes256-sha
>>     esp=aes256-sha1
>> Not sure why.  Also whack still seems to show sha256.  Any ideas why?
>> Anyhow, it's working :)
>> Thanks,
>> Brendan.

More information about the Users mailing list