[Openswan Users] Openswan 2.4.4 on FC5 against OpenBSD 4.0 isakmpd server
openswan-users at mlists.thewrittenword.com
Wed Nov 22 13:51:47 EST 2006
On Wed, Nov 22, 2006 at 04:17:20PM +0100, Paul Wouters wrote:
> On Wed, 22 Nov 2006, Albert Chin wrote:
> > quick auth algorithm enc algorithm group group
> > These parameters define the cryptographic transforms to be used for
> > quick mode. Possible values for auth, enc, and group are described
> > below in CRYPTO TRANSFORMS. If group is specified, Perfect Forward
> > Security (PFS) is used. If the value none is used, PFS is disabled.
> > If omitted, ipsecctl(8) will use the default values hmac-sha2-256
> > and aes; PFS will only be used if the remote side requests it.
> sha2? Openswan does not support sha2.
> so try using pfs=yes and esp=aes-sha1
I tried this but no change. Still cannot get past Phase 2. I changed
/etc/ipsec.conf on the OpenBSD box to:
ike passive esp from 192.168.1.0/24 to 192.168.6.0/24 \
quick auth hmac-sha1 enc aes \
srcid vpn.thewrittenword.com dstid home.thewrittenword.com
albert chin (china at thewrittenword.com)