Modp1024 is no longer supported by default compile options. It is simply too
weak and can be cracked using academic size resources (eg a small cluster at a
university)
Microsoft really needs to step up their IPsec maintenance.
Paul
Sent from my iPhone
> On Oct 4, 2019, at 14:29, Computerisms
just in case it helps someone:
came across another win10 laptop that would not connect yesterday, even
though all the other win10 laptops do. ended up setting both esp= and
ike= to make it work, like so:
esp=aes256-sha1-modp1024
ike=aes256-sha1-modp1024
On 2019-10-04 11:29 a.m., Comp
Hi Again,
Turns out that brand new laptop still does connect so long as I do not
specify an ike/esp line. in the debug logs, it seems to choose this
proposal:
IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
Not sure how that helps me get the other one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2019/09/09 11:19 p.m., Computerisms Corporation wrote:
> Greetings Gurus,
>
> Having updated a good number of my firewalls to debian bullseye
> and libreswan 3.29, seemed reasonable to continue the quest.
What version were you upgrading from? Was
On Mon, 9 Sep 2019, Computerisms Corporation wrote:
Having updated a good number of my firewalls to debian bullseye and libreswan
3.29, seemed reasonable to continue the quest.
Then I came across one that has had me stumped for a while now.
Windows 10 gives policy match error, and libreswan l