[Openswan Users] Configuring multiple phase 2 algorithms in openswan
Paul Wouters
paul at xelerance.com
Wed Dec 23 14:03:22 EST 2009
On Wed, 23 Dec 2009, s S wrote:
> I am a openswan newbie. In Windows IPSec multiple phase II proposals
> could be configured for IPSec.
> E.g: Lets consider two PCs A and B running Windows XP. All the
> following combination could be configured in PC A against the
> destination IP address of PC B in Windows IPSec
> AH ESP
> md5 md5+aes
> sha1 sha1+3des
> sha1 sha1+aes
>
> Here PC - B may have any one of the above combination and the IPSec
> session will get established.
>
> How could I achieve the same configuration with Open swan. I
> understand that "phase2alg" could be used for phase II configuration.
> But how can multiple algorithms be configured for phase II.
Not specifying any algo will lead to the defaults of aes or 3des with sha1 or
md5. If you want only a select combination of the possible ones, you can use:
phase2algs=aes-sha1,3des-md5
See further 'man ipsec.conf'
Paul
More information about the Users
mailing list