Re: Specifying 1 encryption algorithm in ipsec.conf(5) versus isakmpd.conf(5)

[Hans-Joerg Hoexer]

On Mon, May 28, 2007 at 07:02:39PM +0930, Damon McMahon wrote:
 Greetings,
 
 How would I specify that blowfish, AES and 3DES should be accepted -  
 in that order - in ipsec.conf(5) to configure isakmpd(8)?

this is not supported by ipsec.conf(5).

 
 In the deprecated isakmpd.conf(5) for Main Mode I did this:
 
   Transforms = BLF-SHA,AES-SHA,3DES-SHA
 
 and for Quick Mode I did this:
 
   Suites = QM-ESP-BLF-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE,QM- 
 ESP-3DES-SHA-PFS-SUITE
 
 However, in ipsec.conf(5) the following results in a Syntax Error  
 message for lines 2 and 3:
 
   ike from $ipsec_from to $ipsec_to \
   main enc { blowfish, aes, 3des } \
   quick enc { blowfish, aes, 3des }
 
 Any advice will be appreciated.
 
 Kind regards,
 Damon

Specifying 1 encryption algorithm in ipsec.conf(5) versus isakmpd.conf(5)

[Damon McMahon]

Greetings,

How would I specify that blowfish, AES and 3DES should be accepted -  
in that order - in ipsec.conf(5) to configure isakmpd(8)?


In the deprecated isakmpd.conf(5) for Main Mode I did this:

Transforms = BLF-SHA,AES-SHA,3DES-SHA

and for Quick Mode I did this:

	Suites = QM-ESP-BLF-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE,QM- 
ESP-3DES-SHA-PFS-SUITE


However, in ipsec.conf(5) the following results in a Syntax Error  
message for lines 2 and 3:


ike from $ipsec_from to $ipsec_to \
main enc { blowfish, aes, 3des } \
quick enc { blowfish, aes, 3des }

Any advice will be appreciated.

Kind regards,
Damon