[Openswan Users] Trouble figuring out how to connect Openswan client to Cisco VPN
Steven Don
shd at earthling.net
Thu Apr 9 13:23:18 EDT 2009
Thanks for the extra information.
> Use esp=3des-sha1 and don't use phase2/phase2algs
*** I had tried both and have set it to use esp now. Used phase2/phase2algs before because
the manpage says "This option is obsolete. Please use phase2alg instead."
At any rate, the result is the same in both cases.
> Check in /proc/crypto or check with lsmod. It would seem unlikely you don't
> have 3des enabled in the kernel.
*** I have no loadable module support in my kernel and (abbreviated a bit):
---
home:~ # cat /proc/crypto
name : cbc(twofish)
...
name : cbc(aes)
...
name : cbc(blowfish)
...
name : cbc(des3_ede)
driver : cbc(des3_ede-generic)
module : kernel
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
name : cbc(des)
...
name : aes
...
name : twofish
...
name : blowfish
...
name : des3_ede
driver : des3_ede-generic
module : kernel
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
...
name : sha512
...
name : sha384
...
name : sha256
...
name : sha1
...
name : md5
...
home:~ #
---
If I interpret that correctly, I have a blockcipher version "cbc(des3_ede)" and a normal version
"des3_ede" active.
Kind regards,
Steven Don
More information about the Users
mailing list