Bug 10860

Summary: IKEv1 Configuration settings wrong
Product: IPFire
Reporter: johannes.huchler
Component: ---
Assignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED
QA Contact:
Severity: Major Usability
Priority: - Unknown -
CC: itsuperhack, jca, larsen007, mehdi_b, michael.tremer, wolfgang.apolinarski
Version: 2
Hardware: all
OS: All

Description johannes.huchler 2015-05-29 10:20:10 UTC
Hello,

I found a bug. After I upgraded my IPFire to Core 90, I'm not able to connect to a Cisco ASA via IPSec IKEv1.

After a few tests I found a bug in the configuration file. It was not written correctly.

/var/ipfire/vpn/ipsec.conf

Core90:
ike=3des-sha-modp1024
esp=3des-sha1

and before (functional):
ike=3des-sha-modp1024
esp=3des-sha1-modp1024

After I added the modp1024 to this configuration file I was able to connect to the ipsec gateway.
Comment 1 Joerg Callsen 2015-06-02 14:46:31 UTC
*** Bug 10868 has been marked as a duplicate of this bug. ***
Comment 2 Michael Tremer 2015-06-02 20:25:24 UTC
Could you guys please test this patch? http://patchwork.ipfire.org/patch/9/
Comment 3 Wolfgang Apolinarski 2015-06-04 14:20:17 UTC
Tested the patch in my ipfire VM:

esp=aes256-sha2_256 would change to
esp=aes256-sha2_256-modp6144,aes256-sha2_256-modp4096,aes256-sha2_256-modp3072

(obviously, modp 3072, 4096 and 6144 were chosen as DH group)
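
The two ipsec.conf snippets in the description differ only in the DH group on the esp= line, and comment 3 shows each esp proposal expanded with one entry per group. As an added example (not IPFire's code and not the patch linked in comment 2), this Python check lists esp proposals that name no DH group and builds the expanded form; the sample config, the function names and the DH-group pattern are assumptions.

```python
import re

# Constructed sample in ipsec.conf style (not from a real system).
SAMPLE = """\
conn asa
    keyexchange=ikev1
    ike=3des-sha-modp1024
    esp=3des-sha1

conn branch
    keyexchange=ikev1
    esp=aes256-sha2_256-modp4096,aes256-sha2_256
"""

# Assumption: DH groups are written as modpNNNN, ecpNNN or curveNNN tokens.
DH_GROUP = re.compile(r"^(modp|ecp|curve)\d+\w*$")

def parse_conns(text):
    """Return {conn_name: {option: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def has_dh_group(proposal):
    """True if any dash-separated token of the proposal is a DH group."""
    return any(DH_GROUP.match(t) for t in proposal.rstrip("!").split("-"))

def esp_without_dh(text):
    """List (conn, proposal) pairs whose esp= proposal names no DH group."""
    return [(name, p.strip())
            for name, opts in parse_conns(text).items()
            for p in opts.get("esp", "").split(",")
            if p.strip() and not has_dh_group(p.strip())]

def with_groups(proposal, groups):
    """Expand one esp proposal into one entry per DH group."""
    return ",".join(f"{proposal}-{g}" for g in groups)

if __name__ == "__main__":
    for conn, prop in esp_without_dh(SAMPLE):
        print(f"conn {conn}: esp proposal '{prop}' has no DH group")
```

Running the check against a generated ipsec.conf after an upgrade flags connections whose esp line lost its group, which is the regression reported here.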
Comment 4 Michael Tremer 2015-06-04 19:12:37 UTC
Thanks for testing. I will take this as an ACK then.
Comment 5 Michael Tremer 2015-06-20 22:34:09 UTC
I merged this patch last week although I would have loved more feedback.
Comment 6 Joerg Callsen 2015-06-24 15:57:21 UTC
I tested the patch today and all worked well. Thanks Michael
Comment 7 johannes.huchler 2015-06-24 17:21:19 UTC
Same here, all working fine! Thank you!
Comment 8 Michael Tremer 2015-06-24 22:49:59 UTC
Thank you guys. The fix will be released with Core Update 92 then.
Comment 9 Michael Tremer 2015-07-13 22:51:23 UTC
*** Bug 10898 has been marked as a duplicate of this bug. ***