 
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VPN - IPsec break down without changing anything
 Date:  Fri, 04 Apr 2008 09:39:45 -0600
A quick Google search didn't find anything to support the "it's not 
secure" part. I would like to read more about it if you have a link to 
the information.

wmorgan at ffpir dot org wrote:
> It looks like the other end of the connection is only offering to use
> DES encryption and a 768-bit DH group. This is _not_ secure, but some
> older hardware (notably Cisco) doesn't support anything better.
>
> I'd start by seeing if you can turn on 3DES or AES encryption and at
> least a 1024-bit DH (aka MODP) group on the other end for the phase 1
> negotiation.
> Wes
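
An added example, not part of the thread: a Python check that decodes the attributes of an IKEv1 phase 1 transform and flags anything below the floor suggested in the quoted reply (3DES or AES, at least a 1024-bit MODP group). The attribute numbers are the standard ones from RFC 2409, RFC 3602 and RFC 3526; the two sample transforms are constructed for illustration, not captured from the tunnel discussed here.

```python
import struct

# IKEv1 phase 1 attribute numbers: RFC 2409 App. A, RFC 3602 (AES), RFC 3526.
ENCRYPTION, GROUP = 1, 4
CIPHERS = {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"}
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}
ACCEPTED_CIPHERS = {"3DES-CBC", "AES-CBC"}   # floor suggested in the reply
MIN_MODP_BITS = 1024                          # floor suggested in the reply


def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes: TV form (AF bit set) or TLV form."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, field = struct.unpack_from("!HH", data, off)
        off += 4
        if raw_type & 0x8000:                 # AF=1: 'field' is the value
            attrs[raw_type & 0x7FFF] = field
        else:                                 # AF=0: 'field' is a length
            if len(data) - off < field:
                raise ValueError("truncated attribute value")
            attrs[raw_type] = int.from_bytes(data[off:off + field], "big")
            off += field
    return attrs


def audit_proposal(data: bytes) -> list:
    """Return findings for a phase 1 transform below the suggested floor."""
    attrs, findings = parse_attributes(data), []
    enc = attrs.get(ENCRYPTION)
    if CIPHERS.get(enc) not in ACCEPTED_CIPHERS:
        findings.append(f"encryption {CIPHERS.get(enc, enc)} is not 3DES or AES")
    group = attrs.get(GROUP)
    if MODP_BITS.get(group, 0) < MIN_MODP_BITS:
        findings.append(f"DH group id {group} is below {MIN_MODP_BITS}-bit MODP")
    return findings


# Constructed samples: encryption, hash, auth, group, life type, life duration.
WEAK = bytes.fromhex("80010001" "80020001" "80030001" "80040001"
                     "800b0001" "000c0004" "00007080")
STRONGER = bytes.fromhex("80010007" "800e0080" "80020002" "80030001"
                         "80040002" "800b0001" "800c7080")

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("stronger", STRONGER)):
        print(name, audit_proposal(blob) or "meets the suggested floor")
```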