[Openswan Users] Configuration Value Change?

[Madden, Joe]

Hi there,

We have a couple of OpenSWAN ipsec VPN's being used but recently stopped working of their own accord.

As it turns out the issue was the encryption settings which were set to:


        ike=            aes256-sha2_256;modp2048!
        phase2alg=      aes256-sha1!

This worked and my understanding was the explanation mark at the end forced these encryption settings. However these settings now present the following error message:

pluto[13095]: ike string error: Non alphanum char found after in modp string, just after "aes256-sha2_256;modp2048" (old_state=ST_MOPD)

The setting that now work are:

        ike=            aes256-sha2_256;modp2048
        phase2alg=      aes256-sha1

Although I can see that the system is using these encryption settings now but are these settings now forced by default?

Thanks

Joe.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141126/96562531/attachment.html>