[Openswan Users] key 2048 bit

Salvatore sasa at shoponweb.it
Wed Mar 27 10:04:22 UTC 2013


Sergey wrote:

>man ipsec_newhostkey
>
>--snip--
>The --bits option specifies the number of bits in the key; the current default is
>2192 and we do not recommend use of anything shorter unless unusual
>constraints demand it.
>--snip--

Hi, I must use this command:

ipsec newhostkey --output /etc/ipsec.secret --bits 2048

Thanks for your help. My host now has two site-to-site VPN connections and my key is 2192 bits, but I now have to set up a new site-to-site connection with a Fortinet appliance that handles only 2048-bit keys. To set up this third connection, do I have to change my key for the first two VPN connections?
My configuration is now:

conn pixsl15
    auto=ignore
    pfs=yes
    left=81.x.x.x
    leftsubnet=10.0.0.0/24
    leftnexthop=81.x.x.y
    leftrsasigkey=0sAQPviNyME0giYwJk5LTtX7....
    right=91.x.x.x
    rightsubnet=192.168.0.0/24
    rightnexthop=91.x.x.y
    rightrsasigkey=0sAQOBJlzFVyCyh12CcdGSiKI...

conn pixsl30
    auto=ignore
    pfs=yes
    left=81.x.x.x
    leftsubnet=10.0.0.0/24
    leftnexthop=81.x.x.y
    leftrsasigkey=0sAQPviNyME0giYwJk5LTtX7....
    right=91.x.x.x
    rightsubnet=192.168.1.0/24
    rightnexthop=71.x.x.y
    rightrsasigkey=0sAQNmqexyoC0+Hws9jFBYCyIVdd...

Thanks.


-
 Salvatore.




