[Swan] Unable to use DH group 19/
Paul Wouters
paul at nohats.ca
Tue May 15 14:21:23 UTC 2018
On Tue, 15 May 2018, Madden, Joe wrote:
> Doesn't work with dh19 on the esp line:
> May 15 13:59:56 clyde01 pluto[20172]: phase2alg string error: pfsgroup "dh19" not found
>
> Seems to work when you load it via IKE settings
>
> clyde01 pluto[20570]: added connection description "seutmc-charm"
>
> Should I raise a Bugzilla with RHEL on this?
Note you do not have to specify this with the esp= line. Leaving it out
means you re-use the same group as the first ike= exchange used.
Specifying it works on 3.24, which will be in RHEL-7.6. And 3.24 also
will have other improvements (re-auth, better rekey support) so this
change would not be a likely candidate for backporting to RHEL-7.5 or
earlier.
Paul
More information about the Swan
mailing list