On Fri, Nov 24, 2006 at 12:04:57PM +0500, Igor Goldenberg wrote:
> 2006/11/24, Albert Chin <[EMAIL PROTECTED]>:
>
> >> quick auth hmac-sha1 enc aes \
>
> > sainfo anonymous {
> >     pfs_group 2;
> >     encryption_algorithm aes, 3des, blowfish;
> >     authentication_algorithm hmac_sha256, hmac_sha1, hmac_md5;
> >     compression_algorithm deflate;
> > }
>
> I think it's better to set up the same auth algo for both ends (and
> maybe comment out pfs_group in sainfo).

My /etc/ipsec.conf is:

  ike passive esp from 192.168.10.0/24 to any \
    main auth hmac-sha1 enc aes group modp1024 \
    quick auth hmac-sha1 enc aes \
    srcid vpn-server.thewrittenword.com dstid [EMAIL PROTECTED]

So yes, I could change the above to:

  encryption_algorithm aes;
  authentication_algorithm hmac_sha1;

--
albert chin ([EMAIL PROTECTED])