[Openswan Users] Openswan 2.4.4 on FC5 against OpenBSD 4.0 isakmpd server

Albert Chin openswan-users at mlists.thewrittenword.com
Wed Nov 22 13:51:47 EST 2006


On Wed, Nov 22, 2006 at 04:17:20PM +0100, Paul Wouters wrote:
> On Wed, 22 Nov 2006, Albert Chin wrote:
> 
> >      quick auth algorithm enc algorithm group group
> >            These parameters define the cryptographic transforms to be used for
> >            quick mode.  Possible values for auth, enc, and group are described
> >            below in CRYPTO TRANSFORMS.  If group is specified, Perfect Forward
> >            Security (PFS) is used.  If the value none is used, PFS is
> >            disabled.
> >            If omitted, ipsecctl(8) will use the default values hmac-sha2-256
> >            and aes; PFS will only be used if the remote side requests it.
> 
> sha2? Openswan does not support sha2.
> 
> so try using pfs=yes and esp=aes-sha1

I tried this but no change. Still cannot get past Phase 2. I changed
/etc/ipsec.conf on the OpenBSD box to:
  ike passive esp from 192.168.1.0/24 to 192.168.6.0/24 \
    quick auth hmac-sha1 enc aes \
    srcid vpn.thewrittenword.com dstid home.thewrittenword.com

-- 
albert chin (china at thewrittenword.com)

