[Swan] Unable to use DH group 19/
Paul Wouters
paul at nohats.ca
Tue May 15 13:47:19 UTC 2018
On Tue, 15 May 2018, Madden, Joe wrote:
> ikev2= insist
> ike= aes256-sha2_256;ecp256
> phase2= esp
> phase2alg= aes256-sha2_256;ecp256
It should work with:
ikev2=insist
ike=aes256-sha2_256;dh19
esp=aes256-sha2_256;dh19
> I have tried dh19 too.
>
> May 15 08:52:56 clyde01 pluto[15875]: phase2alg string error: pfsgroup "dh19" not found
You can try leaving out dh19 on the esp= line. It will use the same
group as phase1.
> libreswan-3.20-5.el7_4.x86_64
That might have had a parsing problem for esp in it. Note centos 7.5 was
just released with libreswan-3.23.
Paul
More information about the Swan
mailing list