[Openswan Users] How to enable AES algorithm for Openswan-2.3.0

mohan chandra mohanchandra_01 at yahoo.co.in
Thu Apr 14 13:36:36 CEST 2005


Hi,

I am trying to establish an IPsec connection between two
Linux systems, and I also want to test the connection
with different ciphers and auth algorithms and with different
modes.

I have installed IPsec Openswan-2.3.0 on my Linux
system (left) (Redhat Release-9, Kernel 2.4.20-8 on an
i686) and also the same on the other system (right).


ipsec.conf has the following details:

# basic configuration
config setup
	interfaces="ipsec0=eth0"
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=none
	uniqueids=yes
conn %default
	keyingtries=0
	authby=esp

conn block
	auto=ignore

conn private
	auto=add

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore

# For manual connection
conn host-to-host
	left=172.20.17.85
	leftnexthop=172.20.17.1
	leftid=@bob
	right=172.20.17.84
	rightnexthop=172.20.17.1
	rightid=@alice
	type=tunnel
	spi=0x301
	esp=aes128-sha1
	espenckey=0x12345678_9abcdef8_2468ace1_13579bdf
	espauthkey=0x12345671_abcdef24_01234edf_efdcba65_12345678
	
conn left-to-right
	left=172.20.17.85
	leftnexthop=172.20.17.1
	leftid=@bob
	right=172.20.17.84
	rightnexthop=172.20.17.1
	rightid=@alice
	type=tunnel
	spi=0x304
	esp=3des-sha1-96
	espenckey=0x12345678_9abcdef8_2468ace1_13579bdf_2468ace1_13579bdf
	espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf_12342468

We are using these two connections for establishing
manual connections.
The connection left-to-right works fine for 3des, but
host-to-host with the aes algorithm is giving the following
errors:

# for 128-bit key length
[root@mohan root]# ipsec manual --up host-to-host
/usr/local/libexec/ipsec/spi --label host-to-host: invalid encryption keylen=128, must be between 0 and 0 bits

# if we give a 256-bit key length it is giving the error:
[root@mohan root]# ipsec manual --up host-to-host
/usr/local/libexec/ipsec/spi --label host-to-host: invalid encryption keylen=256, must be between 0 and 0 bits

So please specify what to do to make the connection
work properly.

Please specify clearly whether I need to add any other fields
or whether I need to change any field values.

I am also attaching the ipsec.conf file along with this
mail.

Thanks.

Mohanchandra

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 2966 bytes
Desc: ipsec.conf
Url : http://lists.openswan.org/pipermail/users/attachments/20050414/688bdcb0/ipsec.obj
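
The key sizes in manual-keying conns like the ones above can be checked mechanically before running `ipsec manual --up`. The lint below is an added example, not part of the original post or of Openswan: the function names and the `constructed-bad` conn are illustrative, and the size tables are the standard key lengths for AES, 3DES, HMAC-MD5 and HMAC-SHA1.

```python
import re
# Standard key sizes in bits for the algorithms named on this page.
ENC_BITS = {"3des": {192}, "aes": {128, 192, 256}}
AUTH_BITS = {"md5": {128}, "sha1": {160}}

# Constructed sample: host-to-host as quoted above plus a deliberately wrong conn.
SAMPLE = """
conn host-to-host
    esp=aes128-sha1
    espenckey=0x12345678_9abcdef8_2468ace1_13579bdf
    espauthkey=0x12345671_abcdef24_01234edf_efdcba65_12345678
conn constructed-bad
    esp=aes256-sha1
    espenckey=0x12345678_9abcdef8_2468ace1_13579bdf
    espauthkey=0x12345671_abcdef24_01234edf_efdcba65
"""

def hex_key_bits(value):
    """Bit length of a 0x... key; '_' only groups digits for readability."""
    digits = value.lower().replace("_", "")
    digits = digits[2:] if digits.startswith("0x") else digits
    if not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError("not a hex key: %r" % value)
    return len(digits) * 4

def parse_conns(text):
    """Return {conn name: {option: value}} for each conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_manual_keys(text):
    """List (conn, option, bits, allowed) where a key size does not fit esp=."""
    problems = []
    for name, opts in parse_conns(text).items():
        parts = opts.get("esp", "").lower().split("-")
        alg, declared = re.fullmatch(r"(.*?)(\d*)", parts[0]).groups()
        # A size suffix such as aes128 pins the key to exactly that many bits.
        wanted = {"espenckey": {int(declared)} if declared else ENC_BITS.get(alg, set())}
        if len(parts) > 1:
            wanted["espauthkey"] = AUTH_BITS.get(parts[1], set())
        for option, allowed in wanted.items():
            if option in opts and hex_key_bits(opts[option]) not in allowed:
                problems.append((name, option, hex_key_bits(opts[option]), sorted(allowed)))
    return problems
```

On the sample, only the constructed conn is reported; the host-to-host keys from the post measure 128 and 160 bits.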