search for: pfs_group

Displaying 14 results from an estimated 14 matches for "pfs_group".

2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
...netmask4 255.255.255.240; >>> pool_size 6; >>> dns4 172.25.50.1; >>> auth_source pam; >>> auth_groups "users"; >>> group_source system; >>> auth_throttle 10; >>> pfs_group 2; >>> } >>> >>> sainfo anonymous >>> { >>> pfs_group 2; >>> lifetime time 1 hour; >>> encryption_algorithm rijndael; >>> authentication_algorithm hmac_sha256; >>> compressi...
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
...dh_group 2; } } mode_cfg { network4 172.31.78.5; netmask4 255.255.255.240; pool_size 6; dns4 172.25.50.1; auth_source pam; auth_groups "users"; group_source system; auth_throttle 10; pfs_group 2; } sainfo anonymous { pfs_group 2; lifetime time 1 hour; encryption_algorithm rijndael; authentication_algorithm hmac_sha256; compression_algorithm deflate; } When I try to connect from roadwarrior client using xauth, server returns me this errors...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...ct; nonce_size 256; proposal { encryption_algorithm blowfish 448; hash_algorithm sha1 512; authentication_method rsasig; dh_group modp4096; lifetime time 300 sec; } } sainfo anonymous { pfs_group modp4096; lifetime time 300 sec; encryption_algorithm rijndael 256; authentication_algorithm hmac_sha1; compression_algorithm deflate; } padding { randomize on; randomize_length on; strict_check on; } script for setting up policy: #!/usr/bin/s...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...t; lifetime time 24 hour ; > proposal { > encryption_algorithm blowfish; > hash_algorithm sha1; > authentication_method rsasig ; > dh_group 2 ; > } > } > > sainfo address 192.168.3.0/24 any address 1.2.3.4/32 any > { > pfs_group 2; > lifetime time 12 hour ; > encryption_algorithm blowfish ; > authentication_algorithm hmac_sha1, hmac_md5 ; > compression_algorithm deflate ; > } > > sainfo address 5.6.7.8/32 any address 1.2.3.4/32 any > { > pfs_group 2; > lifetime time 12...
2003 Aug 07
1
IPSec delays
...support_mip6 off; proposal_check obey; # obey, strict or claim proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 30 min; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } Kevin Glick glitch@ridiculum.woohaw.com
2007 Feb 03
0
ipsec and x509 certificate
...# obey, strict or claim certificate_type x509 "slave1.public" "slave1.private"; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 2 min; encryption_algorithm 3des ; authentication_algorithm hmac_sha1; compression_algorithm deflate ; } remote 192.168.0.29 { exchange_mode aggressive,main; my_identifier asn1dn; peers_identifier asn1dn; certificate_type x509 "sl...
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
...l_contact on; proposal_check obey; # obey, strict or claim proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2; } } sainfo anonymous { pfs_group 2; lifetime time 2 min; encryption_algorithm 3des; authentication_algorithm hmac_sha1; compression_algorithm deflate; } relevant ios config on ned: hostname ned ! crypto isakmp policy 10 encryption 3des hash sha authentication pre-share group 2 ! crypt...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...n1dn; certificate_type x509 "Memphis.public" "Memphis.private"; peers_certfile "Zeus.public"; proposal{ encryption_algorithm 3des; hash_algorithm sha1; authentication_method rsasig; dh_group modp1024; #I don't understand this option } } sainfo anonymous { pfs_group modp1024; #I don't understand this option lifetime time 2 min; encryption_algorithm 3des; authentication_algorithm hmac_md5; compression_algorithm deflate; }
2005 Dec 07
1
racoon with freebsd-4.11 crashes
...fier address 192.168.190.43; lifetime time 24 hour; nonce_size 16; initial_contact on; proposal_check obey; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 1; } } sainfo address 192.168.190.44 any address 192.168.190.43 any { pfs_group 1; lifetime time 2 hour; encryption_algorithm 3des; authentication_algorithm hmac_sha1; compression_algorithm deflate; } Thanks in advance Priya
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
...passive on; proposal_check claim; # obey, strict or claim proposal { encryption_algorithm 3des; hash_algorithm md5; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 36000 sec; encryption_algorithm 3des,des,cast128,blowfish ; authentication_algorithm hmac_sha1,hmac_md5; compression_algorithm deflate ; } !<--- End of [1]---> !<-------- [2] Racoon Debug/Error msgs below ---------> # racoon -v -F -f /u...
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi, When an IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with
2005 May 12
1
Has anybody managed to get native IPSec working?
...sec script): # Racoon IKE daemon configuration file. # See 'man racoon.conf' for a description of the format and entries. path include "/etc/racoon"; path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; sainfo anonymous { pfs_group 2; lifetime time 1 hour ; encryption_algorithm 3des, blowfish 448, rijndael ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; } include "/etc/racoon/192.168.120.165.conf"; Configuration on host-b looks similar, referencin...
2004 Jul 26
1
Cisco IOS and racoon
...s_identifier user_fqdn "bbeameliarouter"; nonce_size 16; lifetime time 10000 sec; initial_contact on; support_mip6 on; proposal_check obey; proposal { encryption_algorithm 3des; hash_algorithm md5; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 2; lifetime time 10000 sec; encryption_algorithm 3des; authentication_algorithm hmac_md5; compression_algorithm deflate; } </racoon.conf> My spdadd <spdadd> #! /bin/sh #spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none; #spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none...
2007 Nov 15
2
IPSEC help
...ch easier. proposal_check obey; } # phase 2 proposal (for IPsec SA). # actual phase 2 proposal will obey the following items: # - kernel IPsec policy configuration (like "esp/transport//use) # - permutation of the crypto/hash/compression algorithms presented below sainfo anonymous { # pfs_group 2; lifetime time 12 hour ; encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; } --------------------------END------------------------------------------------------------------ certificate...