[Openswan Users] newbie help - RHEL 3 behind NAT to SonicWall

[Paul Wouters]

On Wed, 18 Jan 2006, Kimberly Knowles Nico wrote:

> If the SonicWall is configured to have Phase 1 & 2 DH Group to be Group 1,
> would that cause the NO_PROPOSAL_CHOSEN response?

Yes. openswan does not allow group1 (mod768) as it is too weak. You would
need to recompile openswan with USE_WEAKSTUFF and USE_BROKEN (and on
older versions enable -D1DES in programs/pluto/Makefile)

I suggest changing sonicwall to use DHgroup 2 or DHgroup 5

Paul