On Tue, 8 Jul 2014, Ben Lentz wrote:
> Thank you for your very detailed response. I'm glad to hear the crash was
> fixed and if it's not yet in a release that explains why neither my RHEL
> boxes nor the Fedora 20 Live CD I tested with has it.
>
> You're completely right... I had a working vpnc configuration with this Cisco
> IPsec remote access ASA and the config file had "Enable Single DES" in it,
> which I thought was mandatory. I just tore that line out, bounced vpnc, and I
> can still connect without issue.

Great! Happy to see 1DES die more!

> However, I am totally back to square one as far as OpenSwan / libreswan goes.
> I have read many, many howtos and articles online with regard to connecting
> OpenSwan to a Cisco VPN Concentrator / 3000 / IPsec Remote Access / whatever
> Cisco calls it these days but I absolutely cannot get it to work with
> OpenSwan.
>
> If you have any hints or tips / tricks I would be grateful.

Usually with Cisco, their admin has it configured so you need:

1. Aggressive Mode (aggrmode=yes)
2. No Perfect Forward Secrecy (pfs=no)
3. DH group 2 or 5 (modp1024 or modp1536)
4. 3des/aes/md5/sha1

The last two items are part of the default proposal of
libreswan/openswan, but it helps to reduce the DH groups if
you know what to use exactly (e.g. ike=3des-sha1;modp1536)

Paul
_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev
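
The four settings listed in the reply, placed in a libreswan connection definition. This is an added example, not configuration from the thread or from the libreswan project. The connection name, gateway host, group ID, the XAUTH/Mode Config lines and the esp= value are assumptions about a typical Cisco remote-access setup.

```conf
# /etc/ipsec.conf fragment (added example; all names are placeholders)
# No blank lines inside the section: keep every line indented under "conn".
conn cisco-ra
    # Local end and remote gateway (vpn.example.com is a placeholder)
    left=%defaultroute
    right=vpn.example.com
    rightsubnet=0.0.0.0/0
    # Assumption: the group name is the IKE ID and the group secret is a PSK
    # stored in /etc/ipsec.secrets
    leftid=@ExampleGroup
    authby=secret
    # Assumption: user login via XAUTH and address assignment via Mode Config
    leftxauthclient=yes
    rightxauthserver=yes
    leftmodecfgclient=yes
    rightmodecfgserver=yes
    modecfgpull=yes
    remote_peer_type=cisco
    # Items 1 and 2 from the reply: aggressive mode, no PFS
    aggrmode=yes
    pfs=no
    # Items 3 and 4: pin the IKE proposal to one algorithm set and one DH
    # group (the value given in the reply) instead of the default proposal
    ike=3des-sha1;modp1536
    # Assumption: phase 2 algorithms chosen to match the IKE proposal
    esp=3des-sha1
    # Load the connection at startup; bring it up manually
    auto=add
```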