Displaying 19 results from an estimated 19 matches for "encryption_algorithm".
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...blic" "mad.private";
peers_certfile x509 "laptop.public";
send_cert on;
send_cr on;
verify_cert on;
lifetime time 300 sec;
passive off;
proposal_check strict;
nonce_size 256;
proposal {
encryption_algorithm blowfish 448;
hash_algorithm sha1 512;
authentication_method rsasig;
dh_group modp4096;
lifetime time 300 sec;
}
}
sainfo anonymous {
pfs_group modp4096;
lifetime time 300 sec;
encryption_algorithm rijnda...
2007 Feb 03
0
ipsec and x509 certificate
...,main;
my_identifier asn1dn;
peers_identifier asn1dn;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
certificate_type x509 "slave1.public" "slave1.private";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}...
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
...n1dn;
>>> proposal_check claim;
>>> generate_policy on;
>>> nat_traversal on;
>>> dpd_delay 20;
>>> ike_frag on;
>>> passive on;
>>> proposal {
>>> encryption_algorithm aes;
>>> hash_algorithm sha256;
>>> authentication_method hybrid_rsa_server;
>>> dh_group 2;
>>> }
>>> }
>>>
>>> mode_cfg {
>>> network4 172.31.78.5;
>>...
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
...e;
certificate_type x509 "gwenc.crt" "gwenc.key";
my_identifier asn1dn;
proposal_check claim;
generate_policy on;
nat_traversal on;
dpd_delay 20;
ike_frag on;
passive on;
proposal {
encryption_algorithm aes;
hash_algorithm sha256;
authentication_method hybrid_rsa_server;
dh_group 2;
}
}
mode_cfg {
network4 172.31.78.5;
netmask4 255.255.255.240;
pool_size 6;
dns4 172.25.50.1;
auth_source pam;...
2003 Aug 07
1
IPSec delays
...hange_mode aggressive;
doi ipsec_doi;
situation identity_only;
\
nonce_size 256;
lifetime time 30 min; # sec,min,hour
initial_contact on;
support_mip6 off;
proposal_check obey; # obey, strict or claim
# Phase 1 (ISAKMP SA) proposal offered to / accepted from this peer.
# NOTE(review): the enclosing remote section (cut off above) sets
# exchange_mode aggressive. With pre_shared_key, aggressive mode puts a
# value derived from the key on the wire before the peer is authenticated,
# so the key must be long and random; main mode or certificates avoid this.
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
# Group 2 is the 1024-bit MODP group, below current recommendations.
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 30 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
c...
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
...exchange_mode aggressive,main;
doi ipsec_doi;
situation identity_only;
my_identifier address;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous
{
pfs_group 2;
lifetime time 2 min;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...8.1.1-192.168.1.2/require
ah/tunnel/192.168.1.1-192.168.1.2/require;
Racoon.conf
# Phase 1 (IKE) settings used when negotiating with the peer at 192.168.1.1.
remote 192.168.1.1
{
exchange_mode main;
# Both ends identify themselves by an ASN.1 distinguished name; with no
# explicit string, racoon takes it from the certificate's Subject field.
my_identifier asn1dn;
peers_identifier asn1dn;
# Local certificate and its private key.
# NOTE(review): the private key file should be readable by root only.
certificate_type x509 "Memphis.public" "Memphis.private";
# The peer is checked against this locally stored certificate rather than
# the one it sends in the exchange, so the local copy is the trust anchor.
peers_certfile "Zeus.public";
# Phase 1 proposal: RSA-signature authentication with 3DES and SHA-1.
proposal{
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024; # Diffie-Hellman group for the phase 1 key exchange; modp1024 is the 1024-bit MODP group (group 2)
}
}
sainfo anonymous
{
pfs_group modp1024; #I don't understand this option
lifetime time 2 min;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression...
2005 Dec 07
1
racoon with freebsd-4.11 crashes
...phase1 30 sec;
phase2 15 sec;
}
# Phase 1 (IKE) settings for the peer at 192.168.190.43.
remote 192.168.190.43 {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
# Both ends identify themselves by the IP addresses given here.
my_identifier address 192.168.190.44;
peers_identifier address 192.168.190.43;
lifetime time 24 hour;
nonce_size 16;
initial_contact on;
# obey: as responder, accept the initiator's lifetime and PFS proposal.
# NOTE(review): "strict" rejects proposals weaker than the local
# settings - confirm the exact rules in racoon.conf(5) before switching.
proposal_check obey;
# Phase 1 proposal, authenticated with a pre-shared key.
# NOTE(review): 3DES (64-bit block) and DH group 1 (768-bit MODP) are
# below current recommendations; AES with a larger group is the usual
# choice where both peers support it.
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
}
# Phase 2 (IPsec SA) parameters for traffic between 192.168.190.44 and
# 192.168.190.43, any upper-layer protocol.
sainfo address 192.168.190.44 any address
192.168.190.43 any
{
# PFS: run a new Diffie-Hellman exchange for each phase 2 negotiation.
# NOTE(review): group 1 is the 768-bit MODP group, weak by current standards.
pfs_group 1;
lifetime time 2 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
Thanks in...
2004 Nov 15
1
IPSec tunnel
...68.0.254-192.168.0.67/require;
--------
#/etc/racoon/racoon.conf
#
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
# Phase 1 (IKE) settings for the peer at 192.168.0.254.
remote 192.168.0.254
{
exchange_mode main;
lifetime time 8 hour; # sec,min,hour
# Phase 1 proposal: 3DES / SHA-1 with the 1024-bit MODP group.
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
# The key is looked up in the file named by "path pre_shared_key" earlier
# in this file (/etc/racoon/psk.txt).
# NOTE(review): keep that file owned by, and readable only by, the racoon user.
authentication_method pre_shared_key;
dh_group modp1024;
}
}
sainfo address 192.168.10.0/24 any address 192.168.20.0/24 any
{
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...> exchange_mode main;
> certificate_type x509 "sandy.pem" "sandy_key.pem";
> verify_cert on;
> my_identifier asn1dn ;
> peers_identifier asn1dn ;
> verify_identifier on ;
> lifetime time 24 hour ;
> proposal {
> encryption_algorithm blowfish;
> hash_algorithm sha1;
> authentication_method rsasig ;
> dh_group 2 ;
> }
> }
>
> sainfo address 192.168.3.0/24 any address 1.2.3.4/32 any
> {
> pfs_group 2;
> lifetime time 12 hour ;
> encryption_algorithm blowfish...
2004 Nov 24
0
(no subject)
...doi;
generate_policy on;
passive on;
lifetime time 24 hour;
#my_identifier user_fqdn "REMOVED";
peers_identifier user_fqdn "REMOVED";
verify_identifier on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
sainfo anonymous
{
lifetime time 12 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compr...
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
...exchange_mode main,aggressive;
nonce_size 32;
situation identity_only;
lifetime time 1 min; # sec,min,hour
initial_contact on;
support_mip6 on;
passive on;
proposal_check claim; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 36000 sec;
encryption_algorithm 3des,des,cast128,blowfish ;
authentication_algorit...
2004 Nov 24
1
A haunting problem
...doi;
generate_policy on;
passive on;
lifetime time 24 hour;
#my_identifier user_fqdn "REMOVED";
peers_identifier user_fqdn "REMOVED";
verify_identifier on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
sainfo anonymous
{
lifetime time 12 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compr...
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi,
When an IPSec tunnel is established between two peers, I understand that the
"normal" situation is to have, at any given moment, two SAs, one for each
direction of the tunnel.
However, in one of my tunnels (peer P1 running GNU/Linux with setkey and
racoon; peer P2 is a Cisco router) there is a large number (around 19) of
SAs established (this has been observed in P1 with
2005 May 12
1
Has anybody managed to get native IPSec working?
...main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "/etc/racoon/certs/host-a.public"
"/etc/racoon/certs/host-a.private";
peers_certfile "/etc/racoon/certs/host-b.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2;
}
}
The racoon.conf file looks like this (I made no changes to it, as
installed by ipsec-tools, include statement added by ifup-ipsec script):
# Racoon IKE daemon conf...
2007 Mar 22
0
Racoon ERROR: Invalid CR type 0
...ve;
doi ipsec_doi;
situation identity_only;
my_identifier address;
send_cr off;
send_cert off;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
ERROR MESSAGE ################
2007-03-22 14:53:53: INFO: begin Identity Protection mode.
2007-03-22 14:53:53: INFO: received Vendor ID: DPD
2007-03-22 14:53:53: ERROR...
2024 Jun 02
1
[Bug 3696] New: ssh client does not respect the "-oMACs" flag
...2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group14-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| server_host_key_algorithms: (4)
| rsa-sha2-512
| rsa-sha2-256
| ecdsa-sha2-nistp256
| ssh-ed25519
| encryption_algorithms: (7)
| aes256-gcm@openssh.com
| chacha20-poly1305@openssh.com
| aes256-ctr
| aes256-cbc
| aes128-gcm@openssh.com
| aes128-ctr
| aes128-cbc
| mac_algorithms: (6)
| hmac-sha2-256-etm@openssh.com
| umac-128-etm@openssh.com
|...
2004 Jul 26
1
Cisco IOS and racoon
...xchange_mode main,base,aggressive;
doi ipsec_doi;
#situation identity_only;
my_identifier user_fqdn "bbedevil";
peers_identifier user_fqdn "bbeameliarouter";
nonce_size 16;
lifetime time 10000 sec;
initial_contact on;
support_mip6 on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
# Phase 2 (IPsec SA) parameters; "anonymous" applies to any peer that has no
# more specific sainfo section.
sainfo anonymous
{
# PFS with group 2 (1024-bit MODP): a new DH exchange per phase 2 negotiation.
pfs_group 2;
lifetime time 10000 sec;
# NOTE(review): 3DES and HMAC-MD5 are legacy choices; prefer AES with an
# HMAC-SHA variant where the peer supports them.
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
</racoon.conf>
My spdadd
<spdadd>
#!...
2007 Nov 15
2
IPSEC help
...n,base;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "bsd.public" "bsd.priv" ;
lifetime time 24 hour ; # sec,min,hour
#initial_contact off ;
#passive on ;
# phase 1 proposal (for ISAKMP SA)
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig ;
dh_group 2 ;
}
# the configuration makes racoon (as a responder) obey the
# initiator's lifetime and PFS group proposal.
# this makes testing so much easier.
proposal_check obey;
}
# phase...