[Openswan Users] Yet Another EC2 Config Debug
Paul Wouters
paul at xelerance.com
Fri Sep 9 16:21:19 EDT 2011
On Fri, 9 Sep 2011, James Nelson wrote:
> Hopefully this doesn't cause a new thread. If so, I apologize for spamming the group. I found something that I'm not liking at
> the moment with a simple ipsec whack --status. My questions are simply:
> 1) Are these algorithms compatible/consistent?
> 2) If not, what does my ike and phase2alg variables have to be set at?
>
> 000 "ec2check": IKE algorithms wanted: 3DES_CBC(5)_000-MD5(1)-MODP1536(5), 3DES_CBC(5)_000-MD5(1)-MODP1024(2); flags=-strict
> 000 "ec2check": IKE algorithms found: 3DES_CBC(5)_192-MD5(1)_128-5, 3DES_CBC(5)_192-MD5(1)_128-2,
> 000 "ec2check": ESP algorithms wanted: 3DES(3)_000-MD5(1); flags=-strict
> 000 "ec2check": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128
The repsentatations are a bit odd with "000" meaning "any sane length".
So yes, this is a proper match.
Paul
More information about the Users
mailing list