[Openswan Users] Yet Another EC2 Config Debug

Paul Wouters paul at xelerance.com
Fri Sep 9 16:21:19 EDT 2011

On Fri, 9 Sep 2011, James Nelson wrote:

> Hopefully this doesn't cause a new thread.  If so, I apologize for spamming the group.  I found something that I'm not liking at
> the moment with a simple ipsec whack --status.  My questions are simply:
> 1) Are these algorithms compatible/consistent?
> 2) If not, what does my ike and phase2alg variables have to be set at?
> 000 "ec2check":   IKE algorithms wanted: 3DES_CBC(5)_000-MD5(1)-MODP1536(5), 3DES_CBC(5)_000-MD5(1)-MODP1024(2); flags=-strict
> 000 "ec2check":   IKE algorithms found:  3DES_CBC(5)_192-MD5(1)_128-5, 3DES_CBC(5)_192-MD5(1)_128-2,
> 000 "ec2check":   ESP algorithms wanted: 3DES(3)_000-MD5(1); flags=-strict
> 000 "ec2check":   ESP algorithms loaded: 3DES(3)_192-MD5(1)_128

The repsentatations are a bit odd with "000" meaning "any sane length".
So yes, this is a proper match.


More information about the Users mailing list