FAQ: Difference between revisions
Jump to navigation
Jump to search
Paul Wouters (talk | contribs) mNo edit summary |
Paul Wouters (talk | contribs) |
||
Line 31: | Line 31: | ||
</pre> | </pre> | ||
This | This has been fixed in libreswan-3.9. Please upgrade | ||
Revision as of 01:31, 29 March 2014
FAQ
( we will sort this in categories once we have more )
Which IKE Exchange modes does libreswan support?
The IANA Registry lists all official Exchange Modes. There are a few IKEv1 Modes that are very common despite never gotten past the draft stage.
Supported:
- IKEv2 (PSK, raw RSA, X509)
- IKEv1 Main Mode (PSK, raw RSA, X509)
- IKEv1 Aggressive Mode (PSK, raw RSA, X509)
- IKEv1 XAUTH/RSA and XAUTH/PSK with ModeConfig (aka "Cisco IPsec mode")
Not supported
- IKEv2 CP mode (planned, not yet implemented)
- IKEv1 Revised Mode
- IKEv1 Hybrid Mode (aka "Mutual Group Authentication") although there is some unmaintained contributed code
Module unloading error on shutdown or restart: Module esp4 is in use
A common error to see is:
ERROR: Module xfrm4_mode_tunnel is in use ERROR: Module esp4 is in use FAILURE to unload NETKEY esp4/esp6 module
This has been fixed in libreswan-3.9. Please upgrade