pluto: don't die when the only loaded proposal is completely invalid
It will be part of libreswan-3.9. I'll see if I can put this into
openswan-2.6.32-32 for RHEL-6.6 as well.
But it is not your real problem. Your real problem is trying to use
1DES. The only valid answer is: don't.
Paul
Thank you for your very detailed response. I'm glad to hear the crash
was fixed and if it's not yet in a release that explains why neither my
RHEL boxes nor the Fedora 20 Live CD I tested with has it.
You're completely right... I had a working vpnc configuration with this
Cisco IPsec remote access ASA and the config file had " Enable Single
DES" in it, which I thought was mandatory. I just tore that line out,
bounced vpnc, and I can still connect without issue.
So, I'm feeling pretty stupid right about now.
However, I am totally back to square one as far as OpenSwan / libreswan
goes. I have read many many howtos and articles online with regard to
connecting OpenSwan to a Cisco VPN Concentrator / 3000 / IPsec Remote
Access / whatever Cisco calls it these days but I absolutely cannot get
it to work with OpenSwan.
I am going to work with our firewall administrator and put vpnc into
"Debug 99" mode to see if I can figure out what the magic incantation is
for getting the two to talk to each other.
If you have any hints or tips / tricks I would be grateful.
Thanks again for all your help so far!
- Ben
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
