[Openswan Users] Problem KLIPS INSTALLATION :-)
Paul Wouters
paul at xelerance.com
Thu Nov 2 15:53:52 EST 2006
On Thu, 2 Nov 2006, conn intel wrote:
> 2) Compiled kernel successfully. Then booting into new nattpatched kernel,
> compiled the openswan by enabling USE_EXTRACRYPTO & USE_WEAKSTUFF flags.
> For Example :: using ike=blowfish and esp=blowfish i am getting following
> errormessage in /var/log/syslog :
>
>
> Nov 2 23:58:53 localhost kernel: klips_info:ipsec_init: KLIPS startup,
> Openswan KLIPS IPsec stack version: 2.4.6
ike now supports all the algs, but klips does not support all of them. You
will need to use CRYPTO_API with klips. (and I'm not sure if that works
right now either).
> && using ike=1des and esp=aes getting following error ::
> Nov 3 00:05:06 localhost ipsec__plutorun: 034 esp string error: enc_alg
> not found, enc_alg="1des", auth_alg="", modp=""
Edit progorams/pluto/Makefile
Change:
ifeq ($(USE_WEAKSTUFF),true)
WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 #-DUSE_1DES
endif
to
ifeq ($(USE_WEAKSTUFF),true)
WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES
endif
On openswan 2.5.x and 3.x.x this is fixed and set in Makefile.inc using
USE_BROKEN=true
Paul
More information about the Users
mailing list