search for: modp1536

...x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24} rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24} pfs=yes auto=start authby=secret dpddelay=30 dpdtimeout=120 dpdaction=hold phase2alg=aes256-sha1;modp1536 phase2=esp ike=aes256-sha1;modp1536 It's mirrored exactly the same on the other side. I have tried changing the dead peer detection timeout to something high (5 minutes), and removing it completely (which I believe defaults it to 30 seconds), neither of which made any differen...

...N IP> leftsubnets={ 10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.5.0/24} rightsubnets={10.2.1.0/24,10.2.2.0/24,10.2.3.0/24,10.2.4.0/24} auto=start authby=secret dpddelay=30 dpdtimeout=120 dpdaction=hold phase2alg=aes256-sha1;modp1536 phase2=esp ike=aes256-sha1;modp1536 Our VyOS configuration is posted in the above forum post, except now I have followed their advice and created 20 tunnels (each subnet to each subnet, if that makes sense). However, when I enabled this, I got the following errors on the Openswan...

.../24,x.x.x.x/24} > > > rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24} > pfs=yes > auto=start > authby=secret > dpddelay=30 > dpdtimeout=120 > dpdaction=hold > phase2alg=aes256-sha1;modp1536 > phase2=esp > ike=aes256-sha1;modp1536 > > It's mirrored exactly the same on the other side. > > I have tried changing the dead peer detection timeout to something high (5 > minutes), and removing it completely (which I believe defaults it to 30 > second...