[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02170) Re: Two questions about IPSec & algorithms

To: <usagi-users@xxxxxxxxxxxxxx>
Subject: (usagi-users 02170) Re: Two questions about IPSec & algorithms
From: "Garzon Maldonado, Jesus Javier" <jgarzon@xxxxxxxx>
Date: Tue, 4 Feb 2003 15:01:44 +0100
Reply-to: usagi-users@xxxxxxxxxxxxxx
Thread-index: AcLMSMhEs1ZXtGDMRbqo2PdB+tCliAAC64Qg
Thread-topic: (usagi-users 02168) Two questions about IPSec & algorithms

No, there is no SADB_EALG_AES statement defined and/or used in pluto/kernel.c file.

Sorry, I don't know what do you refer with "vanilla kernel". When I unpack the file usagi-linux24-s20030120.tar.bz2 and type make prepare TARGET=linux24, following directories appear (among others):

usagi/
         kernel/
                   linux24
                   usagi
         src/
         usagi/

Any of them is the vanilla kernel source tree?, which one?

Thanks

-----Mensaje original-----
De: mk@xxxxxxxxxxxxxx [mailto:mk@xxxxxxxxxxxxxx]
Enviado el: martes, 04 de febrero de 2003 13:29
Para: Garzon Maldonado, Jesus Javier
CC: usagi-users@xxxxxxxxxxxxxx
Asunto: Re: (usagi-users 02168) Two questions about IPSec & algorithms



> I'm running Red Hat Linux 7.3 with the latest USAGI snap (January 6, 2003). 
> 
> First question:
> I've built IPSec tunnels between a FreeBSD 4.7 box and the USAGI
> implementation successfully using 3DES encryption, but when I try to
> force rinjdael encryption the connections fails because no proposal
> is chosen. The output showed by Pluto is the following:
> unsupported ESP Transform ESP_AES from <peer-address>.
> 
> The configuration statement I use for Pluto configuration is
> esp=aes128-sha1 (I only could find examples with 3des encryption, so
> I did it as Juanjo's algorithms patch do for FreeS/WAN). Anybody has
> tried this before?, What should I do?.
In that patch, is SADB_EALG_AES used and/or defined?
(seepluto/kernel.c)

> Second question:
> I've read in the IPSec HOWTO document that, in order to include
> other algorithms, I should copy the file called
> patch-int-2.4.19.2.bz2 to linux24/crypto/cipher/, 
> and comment out related part of cipher/{Config.in, Makefile}. Just
> this?,I suppose that patch command must be applied, but I don't know
> wich options should be employed. 
the easy way is:
apply path-int-* to your vanilla kernel src tree and copy them to
linux24/crpypto/cipher/.

Regards,
-mk

Follow-Ups:
- (usagi-users 02171) Re: Two questions about IPSec & algorithms
  - From: Mitsuru KANDA / 神田充

Prev by Date: (usagi-users 02169) Re: Two questions about IPSec & algorithms
Next by Date: (usagi-users 02171) Re: Two questions about IPSec & algorithms
Previous by thread: (usagi-users 02169) Re: Two questions about IPSec & algorithms
Next by thread: (usagi-users 02171) Re: Two questions about IPSec & algorithms
Index(es):
- Date
- Thread