[Openswan Users] BM 3.8 proposals
Peter McGill
petermcgill at goco.net
Fri Oct 20 11:09:44 EDT 2006
> 10-20-2006 1:57:11 pm Warn :Proposal mismatch PHASE 1 HASH Algorithm mismatch mine : SHA his : MD5 dst : 194.213.50.98 src
> : 195.39.44.34 cookies[mine :his] C086F55898B016BA : EF3606AB00000004
>10-20-2006 1:57:11 pm Warn :Proposal mismatch PHASE 1 DH Group mismatch mine : 2 his : unsupported DH Group 5 dst :
>194.213.50.98 src : 195.39.44.34 cookies[mine :his] C086F55898B016BA : EF3606AB00000010
> 10-20-2006 1:57:11 pm Warn :Proposal mismatch PHASE 1 Encryption Algorithm mismatch mine : DES his : 3DES dst :
> 194.213.50.98 src : 195.39.44.34 cookies[mine :his] C086F55898B016BA : EF3606AB00000002
Looks to me like the borderware wants (Single) DES, SHA(1), DH Group 2 (1024 bits).
However, DES is broken, insecure, useless, etc... and as such not allowed by default in Openswan.
You need to update your Borderware to a newer version that supports better encryption,
like 3DES or AES, or if it does support them, enable them on the Borderware.
If you do get 3DES working on the Borderware, you should connect by adding these two lines
to your Openswan ipsec.conf in your conn section:
conn as
ike=3des-sha1-modp1024
esp=3des-sha1
Peter McGill
Software Developer / Network Administrator
Gra Ham Energy Limited
More information about the Users
mailing list