<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA">Hi all,<BR> <BR>I am trying each alg listed by "ipsec auto status" as phase2alg during my testing.<BR>I build up a test bed with Openswan----Openswan(2.6.33). </SPAN></P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"></SPAN> </P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA">And I met the problem that seems openswan don't support the following algs, although listed by "ipsec auto status".</SPAN></P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"></SPAN> </P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA">Anybody know how to set the "aes_ctr" as esp's encrypt algs ? and how to set "aes_xcbc" as esp's authen alg? Thank.</SPAN></P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"></SPAN> </P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"></SPAN> </P>
<P><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA">Following is the failed case and error log:</P>
<P>1. failed to use aes_ctr as esp's encryp alg.</P>
<P> I set the alg -- "phase2alg=aes_ctr-128-sha1" in ipsec.conf. </P>
<P>----------------- <BR>[root@openswan ~]# cat /etc/ipsec.conf <BR>config setup<BR> pluto=yes<BR> protostack=netkey<BR>conn %default<BR> authby=secret<BR> auto=route<BR> ikev2=never<BR> ikelifetime=600s<BR> rekeymargin=30s<BR> salifetime=1000s<BR> rekey=yes<BR>conn interop4<BR> left=20.3.2.27<BR> leftsubnet=20.2.7.0/24<BR> right=20.3.2.11<BR> rightsubnet=20.1.1.0/24<BR> ike=3des-sha1;modp1024<BR> pfs=yes<BR> phase2alg=aes_ctr-128-sha1<BR> type=tunnel<BR> aggrmode=no<BR>------------------</P>
<P><BR> and I got the error log during negociate with Peer (our Product, which support aes_ctr): </P>
<P> "ERROR: netlink response for Add SA <A href="mailto:esp.8b100d8d@20.3.2.11">esp.8b100d8d@20.3.2.11</A> included errno 38: Function not implemented"</P>
<P>--------------</P>
<P>[root@openswan ~]# cat /var/log/secure</P>
<P>...</P>
<P>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: initiating Main Mode<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: ignoring unknown Vendor ID payload [af7557ec8fa949e5c3850465a3eecc41]<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: STATE_MAIN_I2: sent MI2, expecting MR2<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: STATE_MAIN_I3: sent MI3, expecting MR3<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: Main mode peer ID is ID_IPV4_ADDR: '20.3.2.11'<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+SAREFTRACK {using isakmp#1 msgid:94c62be5 proposal=AES_CTR(13)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #1: received and ignored informational message<BR>May 3 16:59:56 openswan pluto[1621]: "interop4" #2: ERROR: netlink response for Add SA <A href="mailto:esp.8b100d8d@20.3.2.11">esp.8b100d8d@20.3.2.11</A> included errno 38: Function not implemented</P>
<P>-------------- </P>
<P> </P>
<P></SPAN><SPAN style="FONT-FAMILY: '΢ÈíÑźÚ','sans-serif'; FONT-SIZE: 10pt; mso-bidi-font-family: ËÎÌå; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"> 2 failed to use aes_cbc as esp's AUTH alg.</P>
<P> when I set "phase2alg=3des-aes_xcbc;modp2048" in ipsec.conf. </P>
<P> output the error log: "May 4 13:55:08 INTEL pluto[16607]: esp string error: hash_alg not found, enc_alg="3des", auth_alg="aes_xcbc", modp="" ..." </P>
<P> when I set "phase2alg=3des-aes_cbc;modp2048" in ipsec.conf.</P>
<P> output the error log: "ASSERTION FAILED at /home/adam/tools/openswan-2.6.33/lib/libopenswan/alg_info.c:68: case 9 unexpected"</P>
<P> </P>
<P> </P>
<P><BR>--Adam<BR style="mso-special-character: line-break"><BR style="mso-special-character: line-break"></P></SPAN><BR><!-- footer --><BR><BR><BR><BR><BR><br><!-- footer --><br>