[Openswan Users] openswan 2.4.x is working but 2.6.x cannot initiate
Roel van Meer
rolek at bokxing.nl
Tue Sep 7 02:43:43 EDT 2010
Paul Wouters writes:
>> I also have some more information: it seems the draytek wants 3des for phase
>> 1. With ike=3des, a connection can be initiated by openswan with both the 2.4
>> and 2.6 versions. With ike=aes, a connection cannot be initiated (from either
>> side). For completeness: if I don't specify ike, openswan 2.4 can initiate a
>> connection but 2.6 cannot.
>
> I believe the default proposal set changed from 3des,aes to aes,3des.
> This is likely a Draytek bug - it should accept aes even if it comes in
> second. I have no idea how they passed the compliance tests with
> their implementation.
How do you know they do any? :)
Anyway, thanks for your help. I've learned a bit more and I'm glad it's not
an openswan problem.
Regards,
roel
More information about the Users
mailing list