[Openswan Users] Configuring multiple phase 2 algorithms in openswan

Paul Wouters paul at xelerance.com
Wed Dec 23 14:03:22 EST 2009


On Wed, 23 Dec 2009, s S wrote:

> I am a openswan newbie. In Windows IPSec multiple phase II proposals
> could be configured for IPSec.
> E.g: Lets consider two PCs A and B running Windows XP. All the
> following combination could be configured in PC A against the
> destination IP address of PC B in Windows IPSec
> AH     ESP
> md5   md5+aes
> sha1  sha1+3des
> sha1 sha1+aes
>
> Here PC - B may have any one of the above combination and the IPSec
> session will get established.
>
> How could I achieve the same configuration with Open swan. I
> understand that "phase2alg" could be used for phase II configuration.
> But how can multiple algorithms be configured for phase II.

Not specifying any algo will lead to the defaults of aes or 3des with sha1 or
md5. If you want only a select combination of the possible ones, you can use:

 	phase2algs=aes-sha1,3des-md5

See further 'man ipsec.conf'

Paul


More information about the Users mailing list