Bug 10898

Summary: IPSEC ipsec.conf : Missing "-modp1536" in ESP line since core 90 and not correct in core 91
Product: IPFire
Reporter: mehdi_b
Component: ---
Assignee: Assigned to nobody - feel free to grab it and work on it <nobody>
Status: CLOSED DUPLICATE
QA Contact:
Severity: Major Usability
Priority: - Unknown -
CC: michael.tremer
Version: 2
Hardware: x86_64
OS: Linux

Description mehdi_b 2015-07-13 15:12:56 UTC
You have to modify the esp line in //var/ipfire/vpn/ipsec.conf file.

IPSEC Down == esp=aes256-sha1!

IPSEC Up == esp=aes256-sha1-modp1536!

Example of a good IPsec connection:

conn "Name of IPSec Connexion"
	left=x.x.x.x
	leftsubnet=x.x.x.x/16
	leftfirewall=yes
	lefthostaccess=yes
	right=x.x.x.x
	rightsubnet=x.x.x.x/16
	leftid="x.x.x.x"
	rightid="x.x.x.x"
	ike=aes256-sha-modp1536!
	esp=aes256-sha1-modp1536!
	keyexchange=ikev1
	ikelifetime=3h
	keylife=1h
	dpdaction=restart
	dpddelay=30
	dpdtimeout=120
	authby=secret
	auto=start
	fragmentation=yes

Comment 1 Michael Tremer 2015-07-13 22:51:23 UTC
Fixed with Core Update 92

*** This bug has been marked as a duplicate of bug 10860 ***
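
An audit for the condition described in this report, added here as an example and not part of the bug thread or of IPFire's code: it lists every conn section whose esp= line contains a proposal without a DH group token such as modp1536. The sample configuration is constructed, and the DH token pattern is an assumption covering the common strongSwan group names (modp, ecp, curve25519/x25519 style).

```python
import re

# Constructed sample in the layout of the ipsec.conf shown in the report.
SAMPLE = '''\
conn "broken"
    ike=aes256-sha-modp1536!
    esp=aes256-sha1!

conn "working"
    ike=aes256-sha-modp1536!
    esp=aes256-sha1-modp1536!
'''

# Assumed set of DH group tokens in proposal strings: modp1536, ecp256, curve25519, x25519, ...
DH_TOKEN = re.compile(r"^(modp\d+(s\d+)?|ecp\d+(bp)?|curve\d+|x\d+)$")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line starts a new section
            parts = line.split(None, 1)
            current = None                     # ignore "config setup" and similar
            if parts[0] == "conn" and len(parts) == 2:
                current = conns.setdefault(parts[1].strip('"'), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def has_dh_group(proposal):
    """True if any dash-separated token of one proposal names a DH group."""
    return any(DH_TOKEN.match(tok) for tok in proposal.split("-"))

def esp_without_dh(text):
    """Names of conns where at least one esp proposal carries no DH group."""
    flagged = []
    for name, opts in parse_conns(text).items():
        # Strip the strict-mode "!" and split the comma-separated proposal list.
        proposals = [p.strip() for p in opts.get("esp", "").rstrip("!").split(",") if p.strip()]
        if any(not has_dh_group(p) for p in proposals):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in esp_without_dh(SAMPLE):
        print(f"conn {name}: esp proposal has no DH group")
```

To check a live system, pass the contents of the ipsec.conf file named in the report to `esp_without_dh` instead of `SAMPLE`.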