[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510
Avesh Agarwal
avagarwa at redhat.com
Tue Mar 9 14:00:35 EST 2010
On 03/09/2010 01:57 PM, Craig Constantine wrote:
>> Is this DH group 2? Also I think "esp" is being obsolete, so dont
>> use that. Well, you can try following:
>>
>> phase2=esp phase2alg=3DES-SHA1;modp1024
>>
> Whit,
>
> Avesh and I are saying the same thing about specifying the modpNBITS.
>
> I'm using Ubuntu 9.10 server 64bit. I could only make the config work
> with "A-B-C" (as in my previous message). The man pages say "A-B;C" as
> Avesh has shown.
> But mine does not work with the semicolon, I get an
> error about parsing of the config file failing when I try to start ipsec.
>
>
That is because you are probably using some old (well not so old)
version. It was fixed recently, I think, in 2.6.23.
Regards
Avesh
> Also, Avesh makes a good point about the esp deprecation... All my
> configs use "ike=..." and "phase2alg=..." and I here I recall the man
> page being correct about which config keys are aliases to which others,
> and which are deprecated.
>
> -craig
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list