[Openswan Users]
Re: need some guidence for strict/preferred algos.....
Paul Wouters
paul at xelerance.com
Tue Mar 21 16:34:58 CET 2006
On Tue, 21 Mar 2006, utkarsh shah wrote:
> i would like to know one thing
> how does a strict flag works for encryption algo, auth algo and dh group / pfs group
openswan ALWAYS uses strict mode. There was a bug that allowed it to accept
a connection despite the alg/cipher not being on the esp=/ike= line, but do
not rely on that a s2.4.5 will have fixed this.
> if one side have strict policy and other side preferred then how will it work??
ipsec auto --status will tell you what was used. You can also check the logs
and look at the "IPsec SA Established" which will show which cipher/algo was
agreed upon.
Paul
More information about the Users
mailing list