2012/7/12 Christian Weisgerber <na...@mips.inka.de>: > Rodrigo Mosconi <open...@mosconi.mat.br> wrote: > >> ike esp transport from hubble to spitzer \ >> main \ >> auth hmac-sha2-512 \ >> enc aes-256 \ >> group modp4096 \ >> srcid hubble.domain \ >> dstid spitzer.domain \ >> psk >> '/+V1gt9G6FTQ"_}/Rn#nny!ZCgmd5+jIe^dKXf+)40R6%ZS(zD8Q2DUt[T(NwJOy' > > As lteo@ also just noticed, groups beyond modp2048 don't work. > This is an omission in isakmpd. with 'auth hmac-sha2-512 enc aes-256 group modp3072' works
> > (BTW, you release that main mode only refers to the phase 1 > negotiation, i.e. the exchange between the two isakmpds, and not > to the eventually established security associations, right?) Yes, I understand that "ike esp from _A to _N main/aggressive" only refers to phase 1, and "ike esp from _A to _N quick" to phase 2. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de
