[Openswan Users] Unable to connect using Windows 7
Daniel Minder
daniel.minder at uni-due.de
Tue Apr 15 05:56:06 EDT 2014
Hi,
Windows 7 is sending 5 proposals for a ISAKMP policy.
The first two are not supported by Openswan (OAKLEY_GROUP 20/19 =
384/256-bit random ECP group).
The next three are aes256-sha1;modp2048, 3des-sha1;modp2048,
3des-sha1;modp1024
However, you specified:
> conn peer-site-to-site
> ike=aes128-sha1!
> esp=aes128-sha1!
This restricts the algorithms for phase 1 and phase 2, but none matches
the remaining proposals of Windows 7.
(BTW: According to the man page "!" is obsolete now. When ike is
specified it's always strict. Also "esp" is obsolete and should be
replaced by phase2alg.)
In contrast the L2TP-PSK-noNAT connection would match:
> conn L2TP-PSK-noNAT
> ike=aes256-sha1,3des-sha1!
So, I suggest to change the lines to:
conn peer-site-to-site
ike=aes256-sha1,aes128-sha1,3des-sha1
phase2alg=aes256-sha1,aes128-sha1,3des-sha1
Best,
Daniel
--
Daniel Minder
University of Duisburg-Essen, Networked Embedded Systems
http://www.nes.uni-due.de/staff/minder/
More information about the Users
mailing list