On Fri, Nov 24, 2006 at 12:04:57PM +0500, Igor Goldenberg wrote:
> 2006/11/24, Albert Chin <[EMAIL PROTECTED]>:
>
> >> quick auth hmac-sha1 enc aes \
>
> > sainfo anonymous {
> >     pfs_group 2;
> >     encryption_algorithm aes, 3des, blowfish;
> >     authentication_algorithm hmac_sha256, hmac_sha1, hmac_md5;
> >     compression_algorithm deflate;
> > }
>
> I think it's better to set up the same auth algo for both ends (and
> maybe comment out pfs_group in sainfo).

My /etc/ipsec.conf is:

  ike passive esp from 192.168.10.0/24 to any \
      main auth hmac-sha1 enc aes group modp1024 \
      quick auth hmac-sha1 enc aes \
      srcid vpn-server.thewrittenword.com dstid [EMAIL PROTECTED]

So yes, I could change the above to:

  encryption_algorithm aes;
  authentication_algorithm hmac_sha1;

--
albert chin ([EMAIL PROTECTED])