[Swan] Unable to use DH group 19/
Madden, Joe
Joe.Madden at mottmac.com
Tue May 15 08:56:08 UTC 2018
Hi List,
We have the following configuration which is throwing an error:
conn seutmc-charm
    authby= secret
    auto= start
    type= tunnel
    forceencaps= no
    rekeymargin= 3m
    keyingtries= %forever
    salifetime= 8h
    ikelifetime= 24h
    ikev2= insist
    #RTT
    left= #########
    leftsubnet= 192.168.142.132/32
    leftid= #######
    leftnexthop= #########
    #SAA
    right= #######
    rightid= #######
    rightsubnet= 10.0.28.1/32
    ike= aes256-sha2_256;ecp256
    phase2= esp
    phase2alg= aes256-sha2_256;ecp256
    pfs= yes
    sha2_truncbug= no
    #Dead Peer Detection
    dpdaction= restart
    dpddelay= 30
    dpdtimeout= 120
May 15 08:50:19 clyde01 pluto[15492]: ike string error: modp group 'ecp256' not found, enc_alg="aes"(256), auth_alg="sha2_256", modp="ecp256"
I have tried dh19 too.
May 15 08:52:56 clyde01 pluto[15875]: phase2alg string error: pfsgroup "dh19" not found
libreswan-3.20-5.el7_4.x86_64
CentOS Linux release 7.4.1708 (Core)
3.10.0-693.21.1.el7.x86_64
Does the CentOS version not support DH19?
Cheers
Joe.