[Openswan Users] IKE/ESP proposal restriction
Jungwoo Ha
habals at gmail.com
Tue Jan 31 11:37:26 CET 2006
I'd like to restrict the acceptable IKE/ESP proposals. According to some other
postings, this can be achieved with ike= or esp= in the connection settings.
However, in my case, the responder accepts all the ike/esp proposals that he
knows.
Here is my configuration
--------------
config %default
    left=100.1.1.2
    leftsubnet=10.10.10.0/24
    leftnexthop=10.10.10.2
    right=100.1.1.3
    rightsubnet=20.20.20.0/24
    rightnexthop=20.20.20.2
    type=tunnel
    authby=secret
config conn_left
    ike=aes
    esp=aes
config conn_right
    ike=3des
    esp=3des
---------------
If I bring up conn_left, the right (responder) accepts aes.
If I bring up conn_right, the left accepts 3des.
Is this a bug or should I do something else to restrict the algorithms used
for ike/esp proposal?
--
Jungwoo Ha