[Openswan Users] How to offer multiple PFS ?
Paul Wouters
paul at xelerance.com
Thu Jul 5 11:38:19 EDT 2007
On Thu, 5 Jul 2007, gal divx wrote:
> esp="3des-sha1-modp1024,3des-sha1-modp2048"
>
> -failed when trying to add the connection with the error:
>
> 034 esp string error: Non initial digit found for auth keylen, just after
> "3des-sha1-" (old_state=ST_AA_END)
Ahh, try:
esp="3des-sha1-96-modp1024,3des-sha1-96-modp2048"
Otherwise, try:
esp="3des-sha1;modp1024,3des-sha1;modp2048"
I agree that this syntax is inconsistent and should be fixed. I am not
sure if the phase2 keyword in openswan 2.5.x and 3.x handle this in a
more consistent way.
Paul
More information about the Users
mailing list