[Swan] How to specify length of "nonce" in phase 1 ?

Paul Wouters paul at nohats.ca
Mon Sep 21 18:51:19 UTC 2015


On Mon, 21 Sep 2015, Hoa Chen wrote:

> On Solaris, there is "p1_nonce_len" to specify length of "nonce" in phase 1.
> 
> But I cannot find corresponding parameter in libreswan. Do you know that ?

The nonce size depends on the DiffieHellman group used. For phase1 you
specify the group as modp values, eg:

 	ike=aes=sha1;modp2048
 	ike=aes=sha1;modp1536
 	ike=aes=sha1;modp1024

Paul


More information about the Swan mailing list