Bug 10860 - IKEv1 Configuration settings wrong
Summary: IKEv1 Configuration settings wrong
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all All
Importance: - Unknown - Major Usability
Assignee: Michael Tremer
Duplicates: 10868 10898
Reported: 2015-05-29 10:20 UTC by johannes.huchler
Modified: 2015-08-25 18:40 UTC

Description johannes.huchler 2015-05-29 10:20:10 UTC
Hello,

I found a bug. After I upgraded my IPFire to Core 90, I'm not able to connect to a Cisco ASA via IPSec IKEv1.

After a few tests I found a bug in the configuration file. It was not written correctly.

/var/ipfire/vpn/ipsec.conf

Core90:
ike=3des-sha-modp1024
esp=3des-sha1

and before (functional):
ike=3des-sha-modp1024
esp=3des-sha1-modp1024

After I added the modp1024 to this configuration file, I was able to connect to the ipsec gateway.
Comment 1 Joerg Callsen 2015-06-02 14:46:31 UTC
*** Bug 10868 has been marked as a duplicate of this bug. ***
Comment 2 Michael Tremer 2015-06-02 20:25:24 UTC
Could you guys please test this patch? http://patchwork.ipfire.org/patch/9/
Comment 3 Wolfgang Apolinarski 2015-06-04 14:20:17 UTC
Tested the patch in my ipfire VM:

esp=aes256-sha2_256 would change to
esp=aes256-sha2_256-modp6144,aes256-sha2_256-modp4096,aes256-sha2_256-modp3072

(obviously, modp 3072, 4096 and 6144 were chosen as DH group)
Comment 4 Michael Tremer 2015-06-04 19:12:37 UTC
Thanks for testing. I will take this as an ACK then.
Comment 5 Michael Tremer 2015-06-20 22:34:09 UTC
I merged this patch last week although I would have loved more feedback.
Comment 6 Joerg Callsen 2015-06-24 15:57:21 UTC
I tested the patch today and all worked well. Thanks Michael
Comment 7 johannes.huchler 2015-06-24 17:21:19 UTC
Same here, all working fine! Thank you!
Comment 8 Michael Tremer 2015-06-24 22:49:59 UTC
Thank you guys. The fix will be released with Core Update 92 then.
Comment 9 Michael Tremer 2015-07-13 22:51:23 UTC
*** Bug 10898 has been marked as a duplicate of this bug. ***
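
An added example, not part of the bug report or of IPFire's code: a small Python check that reads ipsec.conf-style text and lists the esp= proposals that name no DH group, which is the difference between the Core 90 and the working configuration in the description. The conn names in the sample are constructed, and treating only modp*/ecp* tokens as DH group keywords is an assumption.

```python
import re

# Constructed sample in ipsec.conf syntax; the conn names are invented.
SAMPLE = """\
conn core90
    ike=3des-sha-modp1024
    esp=3des-sha1
conn before
    ike=3des-sha-modp1024
    esp=3des-sha1-modp1024
conn patched
    # a trailing "!" is strongSwan's strict-proposal flag
    esp=aes256-sha2_256-modp6144,aes256-sha2_256-modp4096,aes256-sha2_256-modp3072!
"""

# Assumption: only modp*/ecp* tokens are treated as DH group keywords.
DH_TOKEN = re.compile(r"(modp|ecp)\d+")

def parse_conns(text):
    """Return {conn_name: {option: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header starts in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def proposals_without_dh(value):
    """Return the proposals of an esp= value that name no DH group."""
    props = [p.strip() for p in value.rstrip("!").split(",") if p.strip()]
    return [p for p in props
            if not any(DH_TOKEN.match(tok) for tok in p.split("-"))]

def audit(text):
    """Map each conn to its esp proposals that lack a DH group."""
    found = {name: proposals_without_dh(opts.get("esp", ""))
             for name, opts in parse_conns(text).items()}
    return {name: missing for name, missing in found.items() if missing}

if __name__ == "__main__":
    for name, missing in audit(SAMPLE).items():
        print(f"conn {name}: no DH group in esp proposal(s) {missing}")
```

To check a real system, pass the contents of /var/ipfire/vpn/ipsec.conf to audit() instead of SAMPLE.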