On Tue, 15 May 2018, Madden, Joe wrote:
ikev2= insist
ike= aes256-sha2_256;ecp256
phase2= esp
phase2alg= aes256-sha2_256;ecp256
It should work with:
ikev2=insist
ike=aes256-sha2_256;dh19
esp=aes256-sha2_256;dh19
I have tried dh19 too.
May 15 08:52:56 clyde01 pluto[15875]: phase2alg string error: pfsgroup "dh19"
not found
You can try leaving out dh19 on the esp= line. It will use the same
group as phase1.
libreswan-3.20-5.el7_4.x86_64
That might have had a parsing problem for esp in it. Note centos 7.5 was
just released with libreswan-3.23.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
