Thanks, I will look at that =)

Best regards
Johan

2012/5/12 Christian Weisgerber <na...@mips.inka.de>:
> Johan Ryberg <jo...@securit.se> wrote:
>
>> I found this information that seems very interesting:
>> http://www.openbsd.org/faq/upgrade47.html#hmac-sha2
>
>> ike esp from 192.168.1.1 to 10.0.0.17 peer 192.168.10.1 psk mekmitasdigoat
>>
>> The man page of ipsec.conf says that hmac-sha1, aes, and modp1024 is
>> used as mode auth algorithm enc algorithm group group if omitted
>
> In "main mode", which is just the initial IKE negotiation part.
> Actual traffic is passed in "quick mode", which defaults to
> hmac-sha2-256 and aes.
>
> You can also use ipsecctl -nvf /etc/ipsec.conf to look at the
> expanded rules, or ipsecctl -ss to look at the parameters used by
> the currently active security associations. No need to guess.
>
> --
> Christian "naddy" Weisgerber na...@mips.inka.de