Hi paul<br>we changed the config file as you said, but there was an error as follow:<br> esp string error: enc_alg not found, enc_alg="aes_", auth_alg="sha1", modp=""<br><br>we think that the correct syntax is "ike=aes-256 and esp=aes-256", but it is nothing to do with<br>
the block size. (it only changes the key size not the block size).<br>It seems that in order to change the block size of AES in openswan the source code should be changed. Because it is defined in openswan-2.4.8/linux/include/crypto/aes.h as follow:<br>
#Define AES_BLOCK_SIZE 16 (which means that the block size is fixed to 128 bits)<br>Thanks for your attention.<br><br><br><div class="gmail_quote">On Mon, Dec 22, 2008 at 8:45 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div>On Mon, 22 Dec 2008, Dariush Zahedmanesh wrote:<br>
<br>
> Hello all<br>
> I'd like to use AES algorithm with 256 length of block size, to avoidance of<br>
> birthday attack.<br>
> I changed (#Define AES_BLOCK_SIZE) to 32, but after running ipsec the vpn<br>
> tunnel didn't up.<br>
> can any one help me to use AES with 256 bits of block size?<br>
> Thanks in advance.<br>
<br>
</div></div>Don't change code. ike=aes_256 and esp=aes_256 should do the job I think?<br>
<font color="#888888"><br>
Paul<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Dariush Zahedmanesh<br>