10898 – IPSEC ipsec.conf : Missing "-modp1536" in ESP line since core 90 and not correct in core 91

Bug 10898 - IPSEC ipsec.conf : Missing "-modp1536" in ESP line since core 90 and not correct in core 91

Summary: IPSEC ipsec.conf : Missing "-modp1536" in ESP line since core 90 and not corr...

Status:	CLOSED DUPLICATE of bug 10860

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	x86_64 Linux

Importance:	- Unknown - Major Usability
Assignee:	Assigned to nobody - feel free to grab it and work on it
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-07-13 15:12 UTC by mehdi_b
Modified:	2015-07-13 22:51 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mehdi_b 2015-07-13 15:12:56 UTC

You have to modify the esp line in //var/ipfire/vpn/ipsec.conf file.

IPSEC Down == esp=aes256-sha1!

IPSEC Up == esp=aes256-sha1-modp1536!

Exemple of Good IPSec connexion :

conn "Name of IPSec Connexion"
	left=x.x.x.x
	leftsubnet=x.x.x.x/16
	leftfirewall=yes
	lefthostaccess=yes
	right=x.x.x.x
	rightsubnet=x.x.x.x/16
	leftid="x.x.x.x"
	rightid="x.x.x.x"
	ike=aes256-sha-modp1536!
	esp=aes256-sha1-modp1536!
	keyexchange=ikev1
	ikelifetime=3h
	keylife=1h
	dpdaction=restart
	dpddelay=30
	dpdtimeout=120
	authby=secret
	auto=start
	fragmentation=yes

Comment 1 Michael Tremer 2015-07-13 22:51:23 UTC

Fixed with Core Update 92

*** This bug has been marked as a duplicate of bug 10860 ***