[Openswan Users] ESP = CBC

Peter McGill petermcgill at goco.net
Wed Jun 20 12:50:58 EDT 2007


> Date: Wed, 20 Jun 2007 13:45:12 +0000
> From: "Paul Whelan" <wheelo_01 at hotmail.com>
> Subject: Re: [Openswan Users] ESP = CBC
> To: mort at bork.org
> Cc: users at openswan.org
> 
> Yep sorry esp, typo in the email.
> 
> I have it proper in the conf file, as I can get other encryptions working
> like 3des-md5-96 and aes-sha1-96, but can't get any encryption with cbc
> working.
> 
> >From: Martin Hicks <mort at bork.org>
> >To: Paul Whelan <wheelo_01 at hotmail.com>
> >CC: users at openswan.org
> >Subject: Re: [Openswan Users] EPS = CBC
> >Date: Wed, 20 Jun 2007 09:01:24 -0400
> >
> >
> >On Wed, Jun 20, 2007 at 12:21:48PM +0000, Paul Whelan wrote:
> > > Hi all,
> > >
> > > I'm just wondering what is the default mode of encryption for 3des and aes?
> > > I am trying to use 3des_cbc and aes_cbc for encapsulation using syntax
> > > eps=3des_cbc-sha1 or eps=aes_cbc-md5.
> > > Can anyone help me please?
> >
> >are you sure that isn't esp= ?
> >
> >--
> >Martin Hicks || mort at bork.org || PGP/GnuPG: 0x4C7F2BEE

Quoting: doc/glossary.html
CBC mode
            Cipher Block Chaining mode, a method of using a block cipher in
            which for each block except the first, the result of the
            previous encryption is XORed into the new block before it is
            encrypted. CBC is the mode used in IPsec.

Given this, I'd say that CBC is always used, and you do not need to specify.
Just use:
	esp=3des-sha1,aes-md5

I also found a reference to the cryptoapi modules, which, if you enable them in
the kernel and openswan, let you use extra encryption ciphers.
aes-cbc and 3des-cbc appear to be some of the extra crypto ciphers here also.
I have never used the cryptoapi myself though; I always found the default aes
and 3des included in openswan to be more than sufficient.

Peter
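
Added example (not part of the original message and not Openswan code): the chaining described in the glossary quote above, written out in Python, with an unchained mode beside it for comparison. Assumptions: the block cipher is a toy Feistel stand-in rather than 3DES or AES, the key, IV and plaintext are constructed, and the first block is XORed with an IV.

```python
import hashlib

BLOCK, HALF = 8, 4  # block size in bytes (3DES-sized) and half of it

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function: keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]

def toy_encrypt_block(key, block):
    # 4-round Feistel network: a stand-in block cipher, NOT 3DES or AES.
    l, r = block[:HALF], block[HALF:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # No chaining, for comparison: equal plaintext blocks encrypt identically.
    return b"".join(toy_encrypt_block(key, p) for p in blocks(plaintext))

def cbc_encrypt(key, iv, plaintext):
    prev, out = iv, []
    for p in blocks(plaintext):
        # XOR the previous ciphertext block (IV for the first) in, then encrypt.
        prev = toy_encrypt_block(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

KEY, IV, PT = b"demo-key", b"\x01" * BLOCK, b"SAMEDATA" * 2  # constructed sample
```

With the constructed sample, the two identical plaintext blocks give identical ciphertext blocks without chaining and different ones with CBC, and changing the first plaintext block changes the second CBC ciphertext block as well.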


