diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 23705a01d..26c4a5009 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -192,3 +192,5 @@ Changes since 2.0.3 93) Remove OPENVPNPORT option and change default port to 1194. 94) Avoid shell error during "shorewall stop/clear" + +95) Change encryption to blowfish in 'ipsecvpn' script.
diff --git a/Shorewall2/ipsecvpn b/Shorewall2/ipsecvpn
index 6cda616e6..7df55a5ec 100644
--- a/Shorewall2/ipsecvpn
+++ b/Shorewall2/ipsecvpn
@@ -129,7 +129,7 @@ make_racoon_conf() {
 echo " verify_identifier on ;"
 echo " lifetime time 24 hour ;"
 echo " proposal {"
- echo " encryption_algorithm 3des;"
+ echo " encryption_algorithm blowfish;"
 echo " hash_algorithm sha1;"
 echo " authentication_method rsasig ;"
 echo " dh_group 2 ;"
@@ -142,7 +142,7 @@ make_racoon_conf() {
 echo "{"
 echo " pfs_group 2;"
 echo " lifetime time 12 hour ;"
- echo " encryption_algorithm 3des, blowfish, des, rijndael ;"
+ echo " encryption_algorithm blowfish ;"
 echo " authentication_algorithm hmac_sha1, hmac_md5 ;"
 echo " compression_algorithm deflate ;"
 echo "}"
@@ -151,7 +151,7 @@ make_racoon_conf() {
 echo "{"
 echo " pfs_group 2;"
 echo " lifetime time 12 hour ;"
- echo " encryption_algorithm 3des, blowfish, des, rijndael ;"
+ echo " encryption_algorithm blowfish ;"
 echo " authentication_algorithm hmac_sha1, hmac_md5 ;"
 echo " compression_algorithm deflate ;"
 echo "}"
@@ -162,7 +162,7 @@ make_racoon_conf() {
 echo "{"
 echo " pfs_group 2;"
 echo " lifetime time 12 hour ;"
- echo " encryption_algorithm 3des, blowfish, des, rijndael ;"
+ echo " encryption_algorithm blowfish ;"
 echo " authentication_algorithm hmac_sha1, hmac_md5 ;"
 echo " compression_algorithm deflate ;"
 echo "}"
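Review bot: In the hunk at -129 the phase 1 `proposal` now offers `blowfish` as its only cipher, and Blowfish has the same 64-bit block size as the 3DES it replaces, so the swap does not by itself strengthen the IKE exchange; neither the changelog entry nor the script records why it was made. Since the proposal names a single algorithm, a peer still running a racoon.conf generated by the previous script will presumably fail phase 1 until it is regenerated. I would add a comment above the changed echo, for example `# Phase 1 cipher must be identical on every gateway; regenerate racoon.conf on all peers after changing it`, together with the reason for choosing blowfish. make_racoon_conf starts and ends outside the hunk.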
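Review bot: In the hunk at -142 the phase 2 cipher list (presumably inside a `sainfo` section, whose header is outside the hunk) is narrowed to `blowfish`, which drops `des` (a sound hardening) but also drops `rijndael`, the only cipher in the old list with a 128-bit block. With a 64-bit block and only the 12-hour time-based lifetime visible here, a single key may protect a large volume of traffic, which is where 64-bit-block ciphers lose their margin. I would keep AES on offer and listed first, `echo " encryption_algorithm rijndael, blowfish ;"`, and consider removing `hmac_md5` from the `authentication_algorithm` line next to it. The identical change appears in the hunks at -151, -162 and -171, so the same point applies to all four blocks.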
@@ -171,7 +171,7 @@ make_racoon_conf() {
 echo "{"
 echo " pfs_group 2;"
 echo " lifetime time 12 hour ;"
- echo " encryption_algorithm 3des, blowfish, des, rijndael ;"
+ echo " encryption_algorithm blowfish ;"
 echo " authentication_algorithm hmac_sha1, hmac_md5 ;"
 echo " compression_algorithm deflate ;"
 echo "}"