Hi,
<div><br></div><div>We are using openswan-2.6.24rc4 on our ubicom32 IP7K openwrt router. We are doing some site-to-site tests with a different brand router.On our router, we turned on some extra ciphers like blowfish and twofish besides the aes, des, 3des. If we want to use twofish, we are getting the below error on our router.</div>
<div><br></div><div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:SimSun;color:#1F497D;mso-ansi-language:EN-US;
mso-fareast-language:ZH-CN;mso-bidi-language:AR-SA">Jul 28 08:05:09 OpenWrt
authpriv.warn pluto[11621]: "site-to-site-psk" #4: kernel algorithm
does not like: no alg<br>
Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]:
"site-to-site-psk" #4: </span><b><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";mso-fareast-font-family:SimSun;color:red;
mso-ansi-language:EN-US;mso-fareast-language:ZH-CN;mso-bidi-language:AR-SA">unsupported
ESP Transform ESP_TWOFISH</span></b><span style="font-size:11.0pt;font-family:
"Calibri","sans-serif";mso-fareast-font-family:SimSun;color:#1F497D;mso-ansi-language:
EN-US;mso-fareast-language:ZH-CN;mso-bidi-language:AR-SA"> from 192.168.52.105<br>
Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk"
#4: no acceptable Proposal in IPsec SA<br>
Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]:
"site-to-site-psk" #4: sending encrypted notification
NO_PROPOSAL_CHOSEN to <a href="http://192.168.52.105:50">192.168.52.105:50</a><br></span></div><div><span style="font-size:11.0pt;font-family:
"Calibri","sans-serif";mso-fareast-font-family:SimSun;color:#1F497D;mso-ansi-language:
EN-US;mso-fareast-language:ZH-CN;mso-bidi-language:AR-SA"><br></span></div><div>It seems these new ciphers are not recognized by the openswan. This error comes from <span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); ">/programs/pluto/spdb_v1_struct.c. I</span><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); ">t is under the ‘default’
condition of a switch case, excluding the cases of: ESP_AES, ESP_3DES, ESP_DES,
ESP_NULL</span><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); "> . </span></div><div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); "><br>
</span></div><div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); ">How can we enable these ciphers in our current openswan version? </span></div><div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); "><br>
</span></div><div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); ">Is this an expected error with these ciphers?</span></div><div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); "><br>
</span></div><div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); ">Regards,</span></div><div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); ">Murat</span></div>
<div><span class="Apple-style-span" style="font-family: Calibri, sans-serif; font-size: 15px; color: rgb(31, 73, 125); "><br></span></div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:SimSun;color:#1F497D;mso-ansi-language:EN-US;
mso-fareast-language:ZH-CN;mso-bidi-language:AR-SA"><br></span>