Sorry to propagate misinformation: this expression (suggested to support
Android) works fine:
esp=aes256-sha2_512,aes256-sha1,aes256-sha2_256,3des-sha1
On my first attempt to try this, I put in a typo that kept my connection from
loading from:
/etc/ipsec.d/mything.conf
But the
For the sake of discussion and to rule out misunderstanding, here's my complete
and working ipsec configuration file:
conn L2TP-PSK
    pfs=no
    auto=add
    ikev2=no
    ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024
On Fri, 20 Sep 2019 at 17:05, Hugh Sparks wrote:
>
> I tried adding "ikev2=no" and got this error:
>
> Failed to add connection "L2TP-PSK": ike string error: IKE encryption
> algorithm 'aes_gcm256' is not supported by IKEv1
IKEv1 doesn't support AES GCM for IKE (only ESP). One way to get
On Fri, 20 Sep 2019, Hugh Sparks wrote:
Subject: Re: [Swan] After upgrade,
"No connection has been authorized with policy PSK+IKEV1_ALLOW" [SOLVED]
The Wizard Wooters got me close enough: I added these incantations:
ikev2=no
ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024\
esp=aes256-sha256,aes256-sha1,3des-sha1
Now Windows and iPhone clients work perfectly.
I spent 10 hours on this before I gave up and asked
I tried adding "ikev2=no" and got this error:
Failed to add connection "L2TP-PSK": ike string error: IKE encryption
algorithm 'aes_gcm256' is not supported by IKEv1
Perhaps closer...
Thanks again.
On 9/20/2019 3:39 PM, Paul Wouters wrote:
Add ikev2=no
The default changed from v1 to v2
Paul
Sent from my iPhone
> On Sep 20, 2019, at 15:39, Hugh Sparks wrote:
>
> New list member here.
>
> I have a server running Libreswan to allow iPhone and Windows clients access
> to the office LAN. This has worked for many years.
> (I
New list member here.
I have a server running Libreswan to allow iPhone and Windows clients access to
the office LAN. This has worked for many years.
(I never needed to join this list.)
Recently, I did three server upgrades in quick succession going from Fedora 27
to Fedora 30. Something
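
Added example, not part of any message in this thread: a small Python check for the error quoted above, flagging conns that set ikev2=no while their ike= line still lists an AES-GCM proposal. The sample config and the function names are constructed for illustration; only ikev2=no and the aes_gcm prefix come from the thread.

```python
import re

# Constructed sample: a conn in the style of the thread, with an AES-GCM IKE
# proposal that IKEv1 cannot negotiate (the cause of the quoted error).
SAMPLE = """\
conn L2TP-PSK
    pfs=no
    auto=add
    ikev2=no
    ike=aes_gcm256-sha2_256-modp2048,aes256-sha1-modp1024
    esp=aes256-sha1,3des-sha1

conn modern
    ike=aes_gcm256-sha2_256-modp2048
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def ikev1_ike_problems(text):
    """List (conn, proposal) pairs where ikev2=no is combined with AES-GCM in ike=."""
    problems = []
    for name, opts in parse_conns(text).items():
        if opts.get("ikev2", "").lower() != "no":
            continue   # only conns explicitly pinned to IKEv1 are checked
        for proposal in filter(None, (p.strip() for p in opts.get("ike", "").split(","))):
            # The first '-'-separated field is the encryption algorithm;
            # '+' separates alternatives within it.
            ciphers = proposal.split("-", 1)[0].split("+")
            if any(c.lower().startswith("aes_gcm") for c in ciphers):
                problems.append((name, proposal))
    return problems

if __name__ == "__main__":
    for conn, proposal in ikev1_ike_problems(SAMPLE):
        print(f"{conn}: ike proposal '{proposal}' uses AES-GCM, not valid with ikev2=no")
```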