[Openswan Users] encryption key

Justin Fletcher jfletche at gmail.com
Thu Feb 1 16:55:50 EST 2007


> > I would like to change ike and esp to use a different key algorithm such as
> > twofish or serpent,
> > so I added this line in /etc/ipsec.conf
> > ike="3des-sha1-96"
> > esp=twofish128-sha1
> >
> > but when I start the ipsec service, when I check with ipsec whack --status,
> > the connection said that it prospective erouted. What does that mean? Do
> > I have something wrong in my configuration?
>
> Not all kernel supported algorithms are supported in the ipsec protocol, or
> in the openswan implementation of it.
>
> I am not sure what the status of twofish is.
>
> Paul

Which raises a basic question - how do we determine which algorithms
are supported?  I'd like to get esp=3des-sha2_256 on using 2.4.6,
NETKEY and a 2.6.19 kernel, but no luck so far, and it results in a
pluto error:

Feb  1 13:50:12 localhost ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 217: 18590 Aborted                 /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
Feb  1 13:50:12 localhost ipsec__plutorun: + status=134
Feb  1 13:50:12 localhost ipsec__plutorun: + echo exit
Feb  1 13:50:12 localhost ipsec__plutorun: + echo 134
Feb  1 13:50:12 localhost ipsec__plutorun: + status=134
Feb  1 13:50:12 localhost ipsec__plutorun: + case "$status" in
Feb  1 13:50:12 localhost ipsec__plutorun: + st=134
Feb  1 13:50:12 localhost ipsec__plutorun: + true
Feb  1 13:50:12 localhost ipsec__plutorun: + :
Feb  1 13:50:12 localhost ipsec__plutorun: + test 134 -gt 128
Feb  1 13:50:12 localhost ipsec__plutorun: ++ expr 134 - 128
Feb  1 13:50:12 localhost ipsec__plutorun: + st='134 (signal 6)'
Feb  1 13:50:12 localhost ipsec__plutorun: + echo '!pluto failure!: exited with error status 134 (signal 6)'
Feb  1 13:50:12 localhost ipsec__plutorun: !pluto failure!:  exited with error status 134 (signal 6)
Feb  1 13:50:12 localhost ipsec__plutorun: + echo 'restarting IPsec after pause...'

Thanks much,
Justin
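
Added example, not part of the original post and not Openswan's own code: one way to check an esp= proposal against the algorithms pluto reports in the "algorithm ESP" lines of `ipsec whack --status`. The sample status text is constructed, and the mapping from an ipsec.conf token to a status name (drop the trailing key size, upper-case, add the ESP_ or AUTH_ALGORITHM_HMAC_ prefix) is an assumption of this sketch.

```shell
#!/bin/sh
# Constructed sample of the "algorithm" lines in pluto's status output.
# Illustrative only: a real host registers its own set of algorithms.
SAMPLE_STATUS='000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192'

# list_esp KIND: read status text on stdin and print the registered ESP
# algorithm names, one per line. KIND is "encrypt" or "auth attr".
list_esp() {
    sed -n "s/^000 algorithm ESP $1: .*name=\([A-Za-z0-9_]*\),.*/\1/p"
}

# esp_supported STATUS PROPOSAL: PROPOSAL is one esp= value in the
# two-part cipher-hash form (e.g. twofish128-sha1) or a bare cipher.
# Returns 0 if every part is registered, 1 if the cipher is missing,
# 2 if the hash is missing.
esp_supported() {
    status=$1
    cipher=${2%%-*}
    case $2 in
        *-*) hash=${2#*-} ;;
        *)   hash= ;;
    esac
    # Assumed mapping: "twofish128" -> ESP_TWOFISH, "3des" -> ESP_3DES
    cipher=$(printf '%s' "$cipher" | sed 's/[0-9]*$//' | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$status" | list_esp encrypt | grep -qx "ESP_$cipher" || return 1
    [ -z "$hash" ] && return 0
    # Assumed mapping: "sha2_256" -> AUTH_ALGORITHM_HMAC_SHA2_256
    hash=$(printf '%s' "$hash" | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$status" | list_esp "auth attr" | grep -qx "AUTH_ALGORITHM_HMAC_$hash" || return 2
    return 0
}

# On a live host (before adding the esp= line to ipsec.conf):
#   esp_supported "$(ipsec whack --status)" 3des-sha2_256; echo $?
```

The check only covers what pluto has registered; as the quoted reply says, an algorithm being present in the kernel does not mean it appears in this list.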

