[Openswan Users] Specifying SHA256?
Amos Shapira
amos.shapira at gmail.com
Tue Apr 26 01:22:38 EDT 2016
I have to configure openswan 2.6.38 with Juniper SRX 1500 with the following
connection parameters (dictated by the other party):
Phase 1 Properties
    IKE Version                      v2
    Authentication Method            Pre-Shared Secret
    Encryption Scheme                IKE
    Perfect Fwd Secrecy – IKE        DH Group 14
    Encryption Algorithm – IKE       AES256
    Hashing Algorithm – IKE          SHA256
    Renegotiate IKE SA time          28800 seconds
Phase 2 Properties CK Parameters covata Parameters
    Transform (IPSEC Protocol)       ESP
    Perfect Fwd Secrecy - IPSEC      DH Group 14
    Encryption Algorithm - IPSEC     AES256
    Hashing Algorithm - IPSEC        SHA1
    Renegotiate IPSEC SA time        28800 seconds
I'm trying to translate this to "openswan configuration speak" but hit a
problem with the Phase 1 settings.
I tried to set it with:
    ike=aes256-sha256;modp2048
    ikelifetime=8h
    salifetime=8h
    type=tunnel
    authby=secret
    forceencaps=yes
    auto=start
    left=%defaultroute
    leftid=xx
    leftnexthop=%defaultroute
    leftsubnet=yy
    right=zz
    rightid=zz
    rightsubnets={aaaaa}
    pfs=yes
    phase2=esp
    phase2alg=aes256-sha1;modp2048
    mtu=1360
But the tunnel doesn't come up and the system log has the line:
    esp string error: hash_alg not found, enc_alg="aes", auth_alg="sha256", modp="modp2048"
I suppose I'm not specifying the sha256 correctly but I didn't find the
right way. What is it?
Thanks,
--Amos
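
An added example, not part of the original message and not Openswan code: a small Python check that the algorithm and lifetime options of a conn section agree with the peer's parameter sheet quoted above (DH Group 14 is the 2048-bit MODP group, and 28800 seconds is 8h). The function names and the SHEET layout are assumptions made for illustration; the check compares values only and says nothing about which algorithm spellings Openswan's own parser accepts.

```python
import re

# IKE MODP group number -> modulus size in bits (RFC 2409, RFC 3526).
DH_GROUP_BITS = {2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_proposal(value):
    """Split 'enc-hash;modpNNNN' into (enc, hash, dh_bits)."""
    m = re.fullmatch(r"([a-z0-9_]+)-([a-z0-9_]+);modp(\d+)", value.strip().lower())
    if not m:
        raise ValueError(f"unrecognised proposal: {value!r}")
    return m.group(1), m.group(2), int(m.group(3))

def parse_lifetime(value):
    """Convert '8h', '480m' or '28800' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip().lower())
    if not m:
        raise ValueError(f"unrecognised lifetime: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def parse_conn(text):
    """Collect key=value options from the body of one conn section."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def check(conn_text, sheet):
    """Return a list of mismatches between the conn options and the sheet."""
    opts, problems = parse_conn(conn_text), []
    for phase, alg_key, life_key in (("ike", "ike", "ikelifetime"),
                                     ("ipsec", "phase2alg", "salifetime")):
        enc, hsh, bits = parse_proposal(opts[alg_key])
        got = {"enc": enc, "hash": hsh, "dh_bits": bits,
               "lifetime": parse_lifetime(opts[life_key])}
        want = dict(sheet[phase], dh_bits=DH_GROUP_BITS[sheet[phase]["dh_group"]])
        for field, value in got.items():
            if value != want[field]:
                problems.append(f"{phase} {field}: config {value}, sheet {want[field]}")
    return problems

# The peer's sheet from the message, typed in by hand (names lower-cased).
SHEET = {"ike":   {"enc": "aes256", "hash": "sha256", "dh_group": 14, "lifetime": 28800},
         "ipsec": {"enc": "aes256", "hash": "sha1",   "dh_group": 14, "lifetime": 28800}}
# Algorithm and lifetime lines from the message's conn section.
POSTED = ("ike=aes256-sha256;modp2048\nikelifetime=8h\n"
          "salifetime=8h\nphase2alg=aes256-sha1;modp2048\n")
# Constructed variant: weaker Phase 2 group and a shorter SA lifetime.
DRIFTED = POSTED.replace("sha1;modp2048", "sha1;modp1024").replace("salifetime=8h", "salifetime=1h")

if __name__ == "__main__":
    print(check(POSTED, SHEET), check(DRIFTED, SHEET))
```

The posted options compare equal to the sheet, while the constructed variant is reported for its 1024-bit group and 3600-second SA lifetime.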