© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Sorry for the delayed response, think I have a new cloud spam filter that blocked the email notification from this site and only received the email notification at 6:00am this morning.
You seem to have a collection of secrets files from multiple connections that haven't been cleaned up when the corresponding connection is stopped. Issue the following to clean things up :
sudo rm -f /etc/ipsec.
The following two lines of ./ike-scan.sh look interesting:
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(
ike-scan isn't providing the names for Diffie Hellman Groups 19 and 20, but they are listed on the following page:
https:/
19 is ecp256 and 20 is ecp384, I've never encountered them before. So for phase 1 and 2 I would recommend :
Phase 1 : aes256-
Phase 2 : aes256-
You could also try overriding and not just supplementing the default algorithms by putting an exclamation mark at the end, e.g. :
Phase 1 : aes256-
Phase 2 : aes256-
Also note there is no guarantee phase 2 is based on the algorithms used in phase 1, just that it is the most common approach to do so. Unfortunately it isn't possible to use ike-scan to query phase 2.