[Openswan Users] "ike" parameter in ipsec.conf file

Paul Wouters paul at xelerance.com
Thu Dec 11 14:40:30 EST 2008


On Thu, 11 Dec 2008, Jennifer Agarwal wrote:

> I am having trouble understanding the "ike" parameter in the ipsec.conf file.  According to the man page
> 
> ike=cipher-hash-modgroup  but what are all the possible choices?

Mostly 3des, aes for cipher; sha1, md5, sha256 for hash; and modgroups modp1024, modp1536, modp2048, etc.

> 000 "ipsec0":   IKE algorithms wanted: 3DES_CBC(5)_000-MD5(1)-MODP1024(2); flags=strict
> 000 "ipsec0":   IKE algorithms found: 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
> 000 "ipsec0":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024

Btw, I would not call your connection "ipsec0"; that is very confusing, as that is an interface name, not
a connection name.

> So it looks like the tunnel has been negotiated with SA#45.  Should I be concerned with the "wanted" "found" and newest not all matching?

The 000 just means any acceptable keysize (192, 256).

> If anyone could provide me with further examples of what is allowed for the parameter "ike" I would appreciate it. 

There are many examples in the testsuite in testing/pluto/*ike*

Paul
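
As an added example (not part of the original message, and not Openswan code), this Python parser reads the three status lines quoted above and checks whether the negotiated "newest" algorithms satisfy what was "wanted", treating a key size of 000 as any size, as the reply explains. The function names are hypothetical, and treating an omitted size the same as 000 is an assumption.

```python
import re

# Sample input: the three status lines quoted in the thread above.
STATUS = '''\
000 "ipsec0":   IKE algorithms wanted: 3DES_CBC(5)_000-MD5(1)-MODP1024(2); flags=strict
000 "ipsec0":   IKE algorithms found: 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
000 "ipsec0":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
'''

LINE = re.compile(r'^000 "(?P<conn>[^"]+)":\s+IKE algorithms? '
                  r'(?P<kind>wanted|found|newest): (?P<props>[^;]+)')
# One component: NAME, optional "(id)", optional "_bits".
PART = re.compile(r'^(?P<name>[A-Z0-9_]+?)(?:\((?P<id>\d+)\))?(?:_(?P<bits>\d+))?$')

def parse_proposal(text):
    """'3DES_CBC(5)_000-MD5(1)-MODP1024(2)' -> [(name, bits), ...]; bits 0 = unspecified."""
    parts = []
    for comp in text.strip().split("-"):
        m = PART.match(comp)
        if not m:
            raise ValueError(f"unparsed component: {comp!r}")
        # Assumption: a missing size is treated like 000 (unspecified).
        parts.append((m["name"], int(m["bits"] or 0)))
    return parts

def parse_status(text):
    """Return {connection: {kind: [proposal, ...]}} for the IKE algorithm lines."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props = [parse_proposal(p) for p in m["props"].split(",")]
            out.setdefault(m["conn"], {})[m["kind"]] = props
    return out

def satisfies(wanted, actual):
    """Same algorithms in the same order; a wanted size of 0 accepts any size."""
    return len(wanted) == len(actual) and all(
        wn == an and wb in (0, ab) for (wn, wb), (an, ab) in zip(wanted, actual))

def check(text):
    """Map each connection to True if 'newest' satisfies some 'wanted' proposal."""
    result = {}
    for conn, kinds in parse_status(text).items():
        newest = kinds.get("newest", [[]])[0]
        result[conn] = any(satisfies(w, newest) for w in kinds.get("wanted", []))
    return result

if __name__ == "__main__":
    print(check(STATUS))
```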

