Displaying 14 results from an estimated 14 matches for "pfs_group".
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
...netmask4 255.255.255.240;
>>> pool_size 6;
>>> dns4 172.25.50.1;
>>> auth_source pam;
>>> auth_groups "users";
>>> group_source system;
>>> auth_throttle 10;
>>> pfs_group 2;
>>> }
>>>
>>> sainfo anonymous
>>> {
>>> pfs_group 2;
>>> lifetime time 1 hour;
>>> encryption_algorithm rijndael;
>>> authentication_algorithm hmac_sha256;
>>> compressi...
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
...dh_group 2;
}
}
mode_cfg {
network4 172.31.78.5;
netmask4 255.255.255.240;
pool_size 6;
dns4 172.25.50.1;
auth_source pam;
auth_groups "users";
group_source system;
auth_throttle 10;
pfs_group 2;
}
sainfo anonymous
{
pfs_group 2;
lifetime time 1 hour;
encryption_algorithm rijndael;
authentication_algorithm hmac_sha256;
compression_algorithm deflate;
}
When I try to connect from a roadwarrior client using xauth, the server returns
these errors...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...ct;
nonce_size 256;
proposal {
encryption_algorithm blowfish 448;
hash_algorithm sha1 512;
authentication_method rsasig;
dh_group modp4096;
lifetime time 300 sec;
}
}
sainfo anonymous {
pfs_group modp4096;
lifetime time 300 sec;
encryption_algorithm rijndael 256;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
padding {
randomize on;
randomize_length on;
strict_check on;
}
script for setting up policy:
#!/usr/bin/s...
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...t; lifetime time 24 hour ;
> proposal {
> encryption_algorithm blowfish;
> hash_algorithm sha1;
> authentication_method rsasig ;
> dh_group 2 ;
> }
> }
>
> sainfo address 192.168.3.0/24 any address 1.2.3.4/32 any
> {
> pfs_group 2;
> lifetime time 12 hour ;
> encryption_algorithm blowfish ;
> authentication_algorithm hmac_sha1, hmac_md5 ;
> compression_algorithm deflate ;
> }
>
> sainfo address 5.6.7.8/32 any address 1.2.3.4/32 any
> {
> pfs_group 2;
> lifetime time 12...
2003 Aug 07
1
IPSec delays
...support_mip6 off;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 30 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
Kevin Glick
glitch@ridiculum.woohaw.com
2007 Feb 03
0
ipsec and x509 certificate
...# obey, strict or claim
certificate_type x509 "slave1.public" "slave1.private";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
remote 192.168.0.29
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "sl...
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
...l_contact on;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous
{
pfs_group 2;
lifetime time 2 min;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
relevant ios config on ned:
hostname ned
!
crypto isakmp policy 10
encryption 3des
hash sha
authentication pre-share
group 2
!
crypt...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...n1dn;
certificate_type x509 "Memphis.public" "Memphis.private";
peers_certfile "Zeus.public";
proposal{
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024; #I don't understand this option
}
}
sainfo anonymous
{
pfs_group modp1024; #I don't understand this option
lifetime time 2 min;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
2005 Dec 07
1
racoon with freebsd-4.11 crashes
...fier address 192.168.190.43;
lifetime time 24 hour;
nonce_size 16;
initial_contact on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
}
sainfo address 192.168.190.44 any address
192.168.190.43 any
{
pfs_group 1;
lifetime time 2 hour;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
Thanks in advance
Priya
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
...passive on;
proposal_check claim; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 36000 sec;
encryption_algorithm 3des,des,cast128,blowfish ;
authentication_algorithm hmac_sha1,hmac_md5;
compression_algorithm deflate ;
}
!<--- End of [1]--->
!<-------- [2] Racoon Debug/Error msgs below --------->
# racoon -v -F -f /u...
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi,
When an IPSec tunnel is established between two peers, I understand that the
"normal" situation is to have in a given moment two SAs, one for each
direction of the tunnel.
However, in one of my tunnels (peer P1 running GNU/Linux with setkey and
racoon; peer P2 is a Cisco router) there is a large number (around 19) of
SAs established (this has been observed in P1 with
2005 May 12
1
Has anybody managed to get native IPSec working?
...sec script):
# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
sainfo anonymous
{
pfs_group 2;
lifetime time 1 hour ;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
include "/etc/racoon/192.168.120.165.conf";
Configuration on host-b looks similar, referencin...
2004 Jul 26
1
Cisco IOS and racoon
...s_identifier user_fqdn "bbeameliarouter";
nonce_size 16;
lifetime time 10000 sec;
initial_contact on;
support_mip6 on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 2;
lifetime time 10000 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
</racoon.conf>
My spdadd
<spdadd>
#! /bin/sh
#spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none;
#spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none...
2007 Nov 15
2
IPSEC help
...ch easier.
proposal_check obey;
}
# phase 2 proposal (for IPsec SA).
# actual phase 2 proposal will obey the following items:
# - kernel IPsec policy configuration (like "esp/transport//use)
# - permutation of the crypto/hash/compression algorithms presented below
sainfo anonymous
{
# pfs_group 2;
lifetime time 12 hour ;
encryption_algorithm 3des, cast128, blowfish 448, des, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
--------------------------END------------------------------------------------------------------
certificate...