<DIV>Hi All,<BR>I use openswan-2.4.9 to setup VPN, I want to use DES Encryption algorithm, so I set "USE_WEAKSTUFF = true" in openswan-2.4.9\Makefile.inc,<BR>and set "WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES" in openswan-2.4.9\programs\pluto\Makefile, and set "CONFIG_IKE_ALG_1DES=y"<BR>in openswan-2.4.9\programs\pluto\alg\Config.ike_alg, and enable "CONFIG_CRYPTO_DES=y" in linux kernel configuration file ".config",</DIV>
<DIV>The Result: DES and 3DES works normally when using auto policy, and DES is works OK when using manual policy. BUT, 3DES can not works in manual policy<BR>What should I do to enable DES and 3DES all work normally.<BR>The error log is :<BR>_capi_new_key(): failed new_key() for "des3_ede" cryptoapi algo (keylen=24)<BR>Jan 1 00:01:05 pluto[610]: Starting Pluto (Openswan Version 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE_]{vKgCoOI)<BR>Jan 1 00:01:06 pluto[610]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<BR>Jan 1 00:01:06 pluto[610]: no helpers will be started, all cryptographic operations will be done inline<BR>Jan 1 00:01:06 pluto[610]: Using KLIPS IPsec interface code on 2.6.1112<BR>Jan 1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/cacerts'<BR>Jan 1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/aacerts'<BR>Jan 1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/ocspcerts'<BR>Jan 1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/crls'<BR>Jan 1 00:01:06 pluto[610]: Warning: empty directory<BR>ipsec_setup: Starting Openswan IPsec 2.4.9...<BR>ipsec_setup: /usr/local/libexec/ipsec/spi --label fdsf: pfkey write failed (errno=22): Invalid argument, check kernel log messages for specifics.<BR>Jan 1 00:01:06 pluto[610]: loading secrets from "/etc/ipsec.secrets"<BR>_capi_new_key(): failed new_key() for "des3_ede" cryptoapi algo (keylen=24)<BR>Jan 1 00:01:08 pluto[610]: listening for IKE messages<BR>Jan 1 00:01:09 pluto[610]: adding interface ipsec0/nas0 192.168.99.51:500<BR>Jan 1 00:01:09 pluto[610]: loading secrets from "/etc/ipsec.secrets" </DIV><br><!-- footer --><br><hr>
<a style="font-size:14px;line-height:15px; color:#000; text-decoration:none" href="http://event.mail.163.com/chanel/click.htm?from=NO_25&domain=163" target="_blank"><span style="text-decoration:underline; color:blue">网 易 有 道 词 典 -- 全 球 最 强 大 的 免 费 英 汉 互 译 词 典 ( 只 有 2 兆 )</span> </a>