[Openswan Users] Openswan to Sonicwall - IKE config incorrect
Peter Butler
Peter.Butler at it-freedom.com
Thu Mar 12 08:39:52 EDT 2009
Hi There
I'm trying to connect from Openswan (version 2.4.12) on Ubuntu Intrepid
(Kernel 2.6.27-11) to a Sonicwall LS2400 and I am getting a
NO_PROPOSAL_CHOSEN response from Sonicwall. When I run ipsec auto
--status I get the following as part of the output:
000 "home": IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=strict
000 "home": IKE algorithms found:
3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)
000 "home": ESP algorithms wanted: 3DES(3)_000-SHA1(2); flags=strict
000 "home": ESP algorithms loaded: 3DES(3)_000-SHA1(2); flags=strict
From what I can see Openswan is trying to use a different algorithm for
IKE from what Sonicwall is expecting. My ipsec.conf contains:
ike=3des-sha1-modp1024
What should I be using for this instead? Is there any way to disable
"strict"? Any help would be greatly appreciated. I can post the output
of "ipsec barf" if anyone wants to take a closer look.
Cheers
Peter
_______________________________________________________________________
The information contained in this e-mail is confidential and may be privileged. It is intended for the addressee only. If you are not the intended recipient, please delete this e-mail immediately. The contents of this e-mail must not be disclosed or copied without the sender's consent. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. The company does not take any responsibility for the views of the author.
Registered Office: IT-Freedom Limited, 9 Minster Court, Tuscam Way, Camberley, Surrey GU15 3YY
Registered in England, Number: 04500346
_______________________________________________________________________
More information about the Users
mailing list