[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02179) Re: Two questions about IPSec & algorithms

Thank you very much for your help. 

By the way, anybody knowns when will these algorithms be available for Pluto?.

-----Mensaje original-----
De: mk@xxxxxxxxxxxxxx [mailto:mk@xxxxxxxxxxxxxx]
Enviado el: miercoles, 05 de febrero de 2003 6:49
Para: Garzon Maldonado, Jesus Javier
CC: usagi-users@xxxxxxxxxxxxxx
Asunto: Re: (usagi-users 02172) Re: Two questions about IPSec & algorithms


At Tue, 4 Feb 2003 17:14:33 +0100,
Garzon Maldonado, Jesus Javier wrote:
> 
> 
> Sorry, but I'm afraid I am not explaining my problems correctly.
> 
> When you configure the kernel provided by USAGI, you can add support
> for AES algorithm (Cryptographic options  --->AES (aka Rijndael)
> cipher). Then I supposed that when you do this, you can use AES
> algorithm for ESP encryption. However in the USAGI's IPsec howto
> there is no example with aes encryption and I don't know how to use
> it in ipsec.conf file.
As well as FreeS/WAN native Pluto, USAGI version Pluto does not support
AES algorithm for keying, therefore you can't use ipsec.conf file
(which is used by Pluto).

As Abdelkader answered in previous mail, USAGI IPsec stack supports AES,
but Pluto doesn't.
You can use AES for manual keying only.
(see pfkey(8) man page.)

(snipped)

> Since USAGI IPSec implementation is based on FreeS/WAN
> implementation, I supposed that USAGI algorithm implementation was
> based on Juanjo's implementation and I supposed also that
> configuration should be performed in the same way.
I don't know Juanjo's implementation, but the answer is maybe 'no'.

USAGI (kernel) IPsec stack is different from FreeS/WAN implementaion.
We just implemented the same PF_KEY interface of FreeS/WAN in order 
to run Pluto on USAGI IPsec stack.

Regards,
-mk