[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510
Craig Constantine
craig at blkbx.com
Tue Mar 9 13:57:34 EST 2010
> Is this DH group 2? Also I think "esp" is being obsolete, so dont
> use that. Well, you can try following:
>
> phase2=esp phase2alg=3DES-SHA1;modp1024
Whit,
Avesh and I are saying the same thing about specifying the modpNBITS.
I'm using Ubuntu 9.10 server 64bit. I could only make the config work
with "A-B-C" (as in my previous message). The man pages say "A-B;C" as
Avesh has shown. But mine does not work with the semicolon, I get an
error about parsing of the config file failing when I try to start ipsec.
Also, Avesh makes a good point about the esp deprecation... All my
configs use "ike=..." and "phase2alg=..." and I here I recall the man
page being correct about which config keys are aliases to which others,
and which are deprecated.
-craig
More information about the Users
mailing list