On Tue, 15 May 2018, Madden, Joe wrote:
> Doesn't work with dh19 on the esp line:
>
> May 15 13:59:56 clyde01 pluto[20172]: phase2alg string error: pfsgroup "dh19" not found
>
> Seems to work when you load it via IKE settings
>
> clyde01 pluto[20570]: added connection description "seutmc-charm"
>
> Should I raise a Bugzilla with RHEL on this?

Note you do not have to specify this with the esp= line. Leaving it out means you re-use the same group as the first ike= exchange used.

Specifying it works on 3.24, which will be in RHEL-7.6. And 3.24 also will have other improvements (re-auth, better rekey support) so this change would not be a likely candidate for backporting to RHEL-7.5 or earlier.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
