[Openswan Users] Getting Error in establishing Tunnels with Blowfish, serpent and Twofish
ankit garg
ankitgarg_akgec at yahoo.com
Thu Apr 10 05:26:30 EDT 2008
Hi ,
I am using Linux kernel 2.6.20 and openswan-2.5.18dr3 for creating tunnels.During kernel compilation in make menuconfig-->cryptographic options, i checked the options of Blowfish,Twofish and Serpent Cipher algorithms and installed new kernel
In making openswan-2.5.18dr3, i am doing following step:-
source:- http://wiki.openswan.org/index.php/BuildingFromTarballsFor2/6
1) make programs
2) make install
3) make nattpatch2.6 > ../nat-t-patch-2.6.diff
cd ../linux
patch -p1<../nat-t-patch-2.6.diff
make menuconfig and enable Networking / Networking options / IPSEC Nat-Traversal
recompile and install new kernel.
This results in error in /net/ipv4/udp.c during the make of kernel.
4) From the openswan source directory:
export KERNELSRC=/lib/modules/`uname -r`/build
make module26
make minstall26
depmod -a
If i skip step3 and make openswan than i am able to establish tunnels between two hosts(both using linux kernel 2.6.20 and openswan-2.5.18dr3)with 3des,aes,aes128 and aes256 algorithms.But i am not able to establish tunnels with Blowfish,serpent and twofish algorithms.
When i give command from shell "ipsec auto --up net-net" than it gives following errors:-
For Blowfish:-
003 "net-net": requested kernel enc ealg_id=7 not present
034 "net-net": can not initiate: no acceptable kernel algorithms loaded
For Serpent:-
003 "net-net": requested kernel enc ealg_id=252 not present
034 "net-net": can not initiate: no acceptable kernel algorithms loaded
For Twofish:-
003 "net-net": requested kernel enc ealg_id=252 not present
034 "net-net": can not initiate: no acceptable kernel algorithms loaded
kindly tell me is there any algorithms patch required to support blowfish,serpent and twofish, or i need to patch kernel.
I have also made a report on http://bugs.xelerance.com which is available on link http://bugs.xelerance.com/bug_view_advanced_page.php?bug_id=923#bugnotes
I come to know that enable KLIPS Crypto API may solve this problem, but i am not quite sure how to enable KLIPS Crypto API as i have checked all options in make menuconfig-->cryptographic options
I will be highly thankfull, if any of you throw some light on this issue.
Thanks
Ankit
________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080410/5cf85a92/attachment.html
More information about the Users
mailing list