[Openswan Users] Trouble figuring out how to connect Openswan client to Cisco VPN

Paul Wouters paul at xelerance.com
Thu Apr 9 12:58:37 EDT 2009


On Thu, 9 Apr 2009, Steven Don wrote:

> From vpnc's log output, it would appear that it ends up using ESP with 3DES
> encryption and SHA1 hashing (which might make sense, as that is also used in the
> initial connection). When I try setting this option (phase2alg=3des-sha1), it tells me:
> ---
> 034 "tst": can not initiate: no acceptable kernel algorithms loaded

Use esp=3des-sha1 and don't use phase2/phase2algs

> in the log:
> ---
> pluto[23555]: | kernel_alg_db_add() kernel auth aalg_id=3 not present
> ---
> Which I find strange, as I have 3DES and SHA enabled in the kernel option (and they
> are being used in the 1st phase). The manpage for ipsec.conf mentions "Note also

phase1 uses 3des from userland. phase2 uses 3des in kernel mode. different
code.

Check in /proc/crypto or check with lsmod. It would seem unlikely you don't
have 3des enabled in the kernel.

Paul
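
The /proc/crypto check suggested above, as an added example that is not part of the original message: it reports which base algorithms needed for esp=3des-sha1 are missing from the kernel's list. It checks sha1 as well as des3_ede because aalg_id=3 in the quoted pluto log line is the PF_KEY identifier for HMAC-SHA1 (SADB_AALG_SHA1HMAC); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list which base algorithms needed for
# esp=3des-sha1 have no entry in a /proc/crypto-format listing on stdin.

# missing_algs ALG...   (reads the listing from stdin)
# An ALG counts as present if a "name" field equals it (sha1) or wraps it in
# a template instance such as hmac(sha1) or cbc(des3_ede).
missing_algs() {
    # Value of every "name : ..." line; driver/module/type lines are skipped.
    names=$(awk -F': *' '$1 ~ /^name[ \t]*$/ { print $2 }')
    out=""
    for alg in "$@"; do
        found=no
        for n in $names; do
            case $n in
                "$alg"|*"($alg)"*) found=yes; break ;;
            esac
        done
        [ "$found" = yes ] || out="${out:+$out }$alg"
    done
    printf '%s\n' "$out"
}

# Constructed sample listing: 3DES is registered, SHA1 is not.
sample_listing() {
cat <<'EOF'
name         : cbc(des3_ede)
driver       : cbc(des3_ede-generic)
module       : kernel
type         : blkcipher

name         : des3_ede
driver       : des3_ede-generic
module       : des_generic
type         : cipher

name         : md5
driver       : md5-generic
module       : kernel
type         : shash
EOF
}

# On the real host: missing_algs des3_ede sha1 < /proc/crypto
sample_listing | missing_algs des3_ede sha1   # prints: sha1
```

An algorithm built as a module appears in /proc/crypto only once that module is loaded, which is where the lsmod check comes in.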

