[Openswan Users] Openswan 2.4.4 on FC5 against OpenBSD 4.0 isakmpd server

Paul Wouters paul at xelerance.com
Wed Nov 22 10:17:20 EST 2006

On Wed, 22 Nov 2006, Albert Chin wrote:

>      quick auth algorithm enc algorithm group group
>            These parameters define the cryptographic transforms to be used for
>            quick mode.  Possible values for auth, enc, and group are described
>            below in CRYPTO TRANSFORMS.  If group is specified, Perfect Forward
>            Security (PFS) is used.  If the value none is used, PFS is disabled.
>            If omitted, ipsecctl(8) will use the default values hmac-sha2-256
>            and aes; PFS will only be used if the remote side requests it.

sha2? Openswan does not support sha2.

So try using pfs=yes and esp=aes-sha1.

>         esp=3des-sha1-96

3des isn't the OpenBSD default according to your quote.

