[Openswan Users] the right esp and ike settings
fatcharly at gmx.de
fatcharly at gmx.de
Fri Aug 17 08:47:18 EDT 2012
Hi,
I´m using a CentOS 6.3 with an openswan and I try to connect to our partner. I´m a little bit confused about the needed esp and ike settings I need for this VPN to run. Our Partner demands this as setting:
IKE/Phase1
Diffie-Hellman- Group 5
Encryption Alg. 3des-cbc
Hash Alg. MD5
Lifetime IKE 28800s
ESP/Phase2
PFS = 5
Encryption Alg. 3des-cbc
Authentication Alg. MD5
Lifetime 28800
For Phase 1 I thought of:
ikelifetime=28800s
ike=3DES-CBC-modp1536
but how do I enclose the Hash Alg. MD5 ?
For Phase 2 I thought of:
keylife=28800s
esp=3DES-CBC
pfs=yes
but how do I configure the Authentication Alg. of MD5 and is PFS=yes ok for a PFS=5 ?
My full config can be found under: http://pastebin.com/TtbiBDbd
Any help and suggestion is welcome
kind regards
fatcharly
More information about the Users
mailing list