[Openswan Users] Question about ike configuration
mix.kao
mix.kao at cipherium.com.tw
Mon Mar 1 01:28:40 EST 2010
Hello,
i have a question about the openswan config.
I am trying to build a tunnel between two gateways.
gateway1's ike set to AES256-SHA1-MODP768
gateway2's ike set to AES128-SHA1-MODP1536
and finally the tunnel use ==> IKE algorithm newest:
AES_CBC_256-SHA1-MODP768
Is the behavior correct?
If i want the connection connected when two gateway's ike configuration
is the same.
Can Openswan achieve?
=========================================
conn site_192.168.1.0_24-192.168.123.0_24
left=10.2.3.156
leftsubnet=192.168.1.0/24
right=10.29.3.225
rightsubnet=192.168.123.0/24
ike=AES256-SHA1-MODP768
esp=AES256-SHA1-96
dpddelay=10
dpdtimeout=15
keyingtries=%forever
keylife=24h
ikelifetime=8h
rekey=no
rekeymargin=9m
pfs=yes
pfsgroup=MODP1024
auto=add
=========================================
conn site_192.168.123.0_24-192.168.1.0_24
left=10.29.3.225
leftsubnet=192.168.123.0/24
right=10.2.3.156
rightsubnet=192.168.1.0/24
ike=AES128-SHA1-MODP1536
esp=AES256-SHA1-96
dpddelay=10
dpdtimeout=15
keyingtries=%forever
keylife=24h
ikelifetime=8h
rekey=no
rekeymargin=9m
pfs=yes
auto=add
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100301/9b2c37a3/attachment.html
More information about the Users
mailing list