[Swan-dev] pluto crashes with signal 11 when ike=des
Ben Lentz
ben.lentz at gmail.com
Wed Jul 9 04:35:07 EEST 2014
> pluto: don't die when the only loaded proposal is completely invalid
>
> It will be part of libreswan-3.9. I'll see if I can put this into
> openswan-2.6.32-32 for RHEL-6.6 as well.
>
> But it is not your real problem. Your real problem is trying to use
> 1DES. The only valid answer is: don't.
>
> Paul
Thank you for your very detailed response. I'm glad to hear the crash
was fixed and if it's not yet in a release that explains why neither my
RHEL boxes nor the Fedora 20 Live CD I tested with has it.

You're completely right... I had a working vpnc configuration with this
Cisco IPsec remote access ASA and the config file had "Enable Single
DES" in it, which I thought was mandatory. I just tore that line out,
bounced vpnc, and I can still connect without issue.

So, I'm feeling pretty stupid right about now.

However, I am totally back to square one as far as OpenSwan / libreswan
goes. I have read many many howtos and articles online with regard to
connecting OpenSwan to a Cisco VPN Concentrator / 3000 / IPsec Remote
Access / whatever Cisco calls it these days but I absolutely cannot get
it to work with OpenSwan.

I am going to work with our firewall administrator and put vpnc into
"Debug 99" mode to see if I can figure out what the magic incantation is
for getting the two to talk to each other.

If you have any hints or tips / tricks I would be grateful.

Thanks again for all your help so far!

- Ben