[Openswan Users] Getting Error in establishing Tunnels with Blowfish, serpent and Twofish

ankit garg ankitgarg_akgec at yahoo.com
Thu Apr 10 05:26:30 EDT 2008 

Hi ,
 
I am using Linux kernel 2.6.20 and openswan-2.5.18dr3 for creating tunnels.During kernel compilation in make menuconfig-->cryptographic options, i checked the options of Blowfish,Twofish and Serpent Cipher algorithms and installed new kernel

In making openswan-2.5.18dr3, i am doing following step:-
 
source:- http://wiki.openswan.org/index.php/BuildingFromTarballsFor2/6
 
1) make programs

2) make install

3) make nattpatch2.6 > ../nat-t-patch-2.6.diff

        cd ../linux

        patch -p1<../nat-t-patch-2.6.diff

        make menuconfig and enable Networking / Networking options / IPSEC Nat-Traversal

        recompile and install new kernel.

This results in error in /net/ipv4/udp.c during the make of kernel.
 
4) From the openswan source directory: 
        export KERNELSRC=/lib/modules/`uname -r`/build

        make module26

        make minstall26

        depmod -a

 
If i skip step3 and make openswan than i am able to establish tunnels between two hosts(both using linux kernel 2.6.20 and openswan-2.5.18dr3)with 3des,aes,aes128 and aes256 algorithms.But i am not able to establish tunnels with Blowfish,serpent and twofish algorithms. 

When i give command from shell "ipsec auto --up net-net" than it gives following errors:-

For Blowfish:-

003 "net-net": requested kernel enc ealg_id=7 not present
034 "net-net": can not initiate: no acceptable kernel algorithms loaded

For Serpent:-

003 "net-net": requested kernel enc ealg_id=252 not present
034 "net-net": can not initiate: no acceptable kernel algorithms loaded

For Twofish:-

003 "net-net": requested kernel enc ealg_id=252 not present
034 "net-net": can not initiate: no acceptable kernel algorithms loaded

kindly tell me is there any algorithms patch required to support blowfish,serpent and twofish, or i need to patch kernel.
I have also made a report on http://bugs.xelerance.com which is available on link http://bugs.xelerance.com/bug_view_advanced_page.php?bug_id=923#bugnotes
I come to know that enable KLIPS Crypto API may solve this problem, but i am not quite sure how to enable KLIPS Crypto API as i have checked all options in make menuconfig-->cryptographic options
 
I will be highly thankfull, if any of you throw some light on this issue.
 
Thanks
Ankit
________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080410/5cf85a92/attachment.html

More information about the Users mailing list