Displaying 18 results from an estimated 18 matches for "compression_algorithm".
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...authentication_method rsasig;
dh_group modp4096;
lifetime time 300 sec;
}
}
sainfo anonymous {
pfs_group modp4096;
lifetime time 300 sec;
encryption_algorithm rijndael 256;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
padding {
randomize on;
randomize_length on;
strict_check on;
}
script for setting up policy:
#!/usr/bin/setkey -f
flush;
spdflush;
spdadd 192.168.2.10/32 192.168.2.11/32 any -P out ipsec
esp/tunnel/192.168.2.10-192.168.2.11/require
a...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...tion_method rsasig ;
> dh_group 2 ;
> }
> }
>
> sainfo address 192.168.3.0/24 any address 1.2.3.4/32 any
> {
> pfs_group 2;
> lifetime time 12 hour ;
> encryption_algorithm blowfish ;
> authentication_algorithm hmac_sha1, hmac_md5 ;
> compression_algorithm deflate ;
> }
>
> sainfo address 5.6.7.8/32 any address 1.2.3.4/32 any
> {
> pfs_group 2;
> lifetime time 12 hour ;
> encryption_algorithm blowfish ;
> authentication_algorithm hmac_sha1, hmac_md5 ;
> compression_algorithm deflate ;
> }
/etc/racoo...
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
...pfs_group 2;
>>> }
>>>
>>> sainfo anonymous
>>> {
>>> pfs_group 2;
>>> lifetime time 1 hour;
>>> encryption_algorithm rijndael;
>>> authentication_algorithm hmac_sha256;
>>> compression_algorithm deflate;
>>> }
>>>
>>> When I try to connect from roadwarrior client using xauth, server
>>> returns me
>>> these errors:
>>>
>>> 2007-10-13 00:21:52: INFO: ISAKMP-SA established
>>> 172.28.45.4[4500]-172.17.35.3[4500]
>...
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
...urce pam;
auth_groups "users";
group_source system;
auth_throttle 10;
pfs_group 2;
}
sainfo anonymous
{
pfs_group 2;
lifetime time 1 hour;
encryption_algorithm rijndael;
authentication_algorithm hmac_sha256;
compression_algorithm deflate;
}
When I try to connect from roadwarrior client using xauth, server returns me
these errors:
2007-10-13 00:21:52: INFO: ISAKMP-SA established
172.28.45.4[4500]-172.17.35.3[4500] spi:e3ff2f5a0873ff54:ad9b13f8035ec2f2
2007-10-13 00:21:52: INFO: Using port 0
2007-10-13 00:21:52: ERROR:...
2003 Aug 07
1
IPSec delays
...m 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 30 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
Kevin Glick
glitch@ridiculum.woohaw.com
2007 Feb 03
0
ipsec and x509 certificate
...encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
remote 192.168.0.29
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "slave1.public" "slave1.private";
peers_certfile "slave2.public";
proposal {
encryption_alg...
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
...s;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous
{
pfs_group 2;
lifetime time 2 min;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
relevant ios config on ned:
hostname ned
!
crypto isakmp policy 10
encryption 3des
hash sha
authentication pre-share
group 2
!
crypto isakmp key 123456asdf address 192.168.1.42 no-xauth
!
crypto ipsec transform-set phaedrus_transform ah-sha-hmac esp-3des
esp-sha-hmac
mode t...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...n_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024; #I don't understand this option
}
}
sainfo anonymous
{
pfs_group modp1024; #I don't understand this option
lifetime time 2 min;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
2005 Dec 07
1
racoon with freebsd-4.11 crashes
...eck obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
}
sainfo address 192.168.190.44 any address
192.168.190.43 any
{
pfs_group 1;
lifetime time 2 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
Thanks in advance
Priya
2004 Nov 15
1
IPSec tunnel
...hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
sainfo address 192.168.10.0/24 any address 192.168.20.0/24 any
{
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
---
The configuration for Host B is similar but the other way round..
Thanks in advance,
Juan
2004 Nov 24
0
(no subject)
...rithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
sainfo anonymous
{
lifetime time 12 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
now here's my problem.
if I try to ipsec in from the big bad world, sometimes the router responds on
the correct interface, sometimes it doesn't
if I shutdown one interface (ifdown eth3) and ipsec into eth2 everything works
100% :-)
if I shutdown the other interface (ifdown eth2 &a...
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
...orithm md5;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 36000 sec;
encryption_algorithm 3des,des,cast128,blowfish ;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate ;
}
!<--- End of [1]--->
!<-------- [2] Racoon Debug/Error msgs below --------->
# racoon -v -F -f /usr/local/etc/racoon/racoon.conf
Foreground mode.
2004-01-08 15:26:03: INFO: main.c:172:main(): @(#)package version freebsd-20030826a
2004-01-08 15:26:03: INFO: main.c:174:main(...
2024 Jun 02
1
[Bug 3696] New: ssh client does not respect the "-oMACs" flag
...6-cbc
| aes128-gcm@openssh.com
| aes128-ctr
| aes128-cbc
| mac_algorithms: (6)
| hmac-sha2-256-etm@openssh.com
| umac-128-etm@openssh.com
| hmac-sha2-512-etm@openssh.com
| hmac-sha2-256
| umac-128@openssh.com
| hmac-sha2-512
| compression_algorithms: (2)
| none
|_ zlib@openssh.com
Service detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
$
The crypto policy enforces the server to start with the proper options
after the "-D&quo...
2004 Nov 24
1
A haunting problem
...rithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
sainfo anonymous
{
lifetime time 12 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
now here's my problem.
if I try to ipsec in from the big bad world, sometimes the router responds
on the correct interface, sometimes it doesn't
if I shutdown one interface (ifdown eth3) and ipsec into eth2 everything
works 100% :-)
if I shutdown the other inter...
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi,
When an IPSec tunnel is established between two peers, I understand that the
"normal" situation is to have in a given moment two SAs, one for each
direction of the tunnel.
However, in one of my tunnels (peer P1 running GNU/Linux with setkey and
racoon; peer P2 is a Cisco router) there is a large number (around 19) of
SAs established (this has been observed in P1 with
2005 May 12
1
Has anybody managed to get native IPSec working?
...ath pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
sainfo anonymous
{
pfs_group 2;
lifetime time 1 hour ;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
include "/etc/racoon/192.168.120.165.conf";
Configuration on host-b looks similar, referencing back to host-a.
When I ping host-b, the first packet is dropped, as expected (while
Racoon does its job with automatic keying). I've included excerpt from
/var/log/message f...
2004 Jul 26
1
Cisco IOS and racoon
...ontact on;
support_mip6 on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 2;
lifetime time 10000 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
</racoon.conf>
My spdadd
<spdadd>
#! /bin/sh
#spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none;
#spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none;
case "$1" in
start)
setkey -F
setkey -FP
setkey -c <<EOF
spdadd 10.0.10.0/24 10.0.3.0/24 ipencap -...
2007 Nov 15
2
IPSEC help
...on (like "esp/transport//use)
# - permutation of the crypto/hash/compression algorithms presented
below
sainfo anonymous
{
# pfs_group 2;
lifetime time 12 hour ;
encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
--------------------------END------------------------------------------------------------------
certificates are created in bsd with the following commands:
openssl req -new -nodes -newkey rsa:1024 -sha1 -days 1095 -keyout bsd.private -out request.pem
openssl x509 -req -in request.pem -d...