[Openswan Users] DES and 3DES

zhougengtao zhougengtao at 163.com
Tue Jan 1 19:41:57 EST 2008


Hi All,
I use openswan-2.4.9 to setup VPN, I want to use DES Encryption algorithm, so I set "USE_WEAKSTUFF = true" in openswan-2.4.9\Makefile.inc,
and set "WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES" in openswan-2.4.9\programs\pluto\Makefile, and set "CONFIG_IKE_ALG_1DES=y"
in openswan-2.4.9\programs\pluto\alg\Config.ike_alg, and enable "CONFIG_CRYPTO_DES=y" in linux kernel configuration file ".config",
The Result: DES and 3DES works normally when using auto policy, and DES is works OK when using manual policy. BUT, 3DES can not works in manual policy
What should I do to enable DES and 3DES all work normally.
The error log is :
_capi_new_key(): failed new_key() for "des3_ede" cryptoapi algo (keylen=24)
Jan  1 00:01:05 pluto[610]: Starting Pluto (Openswan Version 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE_]{vKgCoOI)
Jan  1 00:01:06 pluto[610]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan  1 00:01:06 pluto[610]: no helpers will be started, all cryptographic operations will be done inline
Jan  1 00:01:06 pluto[610]: Using KLIPS IPsec interface code on 2.6.11.12
Jan  1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/cacerts'
Jan  1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/aacerts'
Jan  1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/ocspcerts'
Jan  1 00:01:06 pluto[610]: Changing to directory '/etc/ipsec.d/crls'
Jan  1 00:01:06 pluto[610]:   Warning: empty directory
ipsec_setup: Starting Openswan IPsec 2.4.9...
ipsec_setup: /usr/local/libexec/ipsec/spi --label fdsf: pfkey write failed (errno=22): Invalid argument, check kernel log messages for specifics.
Jan  1 00:01:06 pluto[610]: loading secrets from "/etc/ipsec.secrets"
_capi_new_key(): failed new_key() for "des3_ede" cryptoapi algo (keylen=24)
Jan  1 00:01:08 pluto[610]: listening for IKE messages
Jan  1 00:01:09 pluto[610]: adding interface ipsec0/nas0 192.168.99.51:500
Jan  1 00:01:09 pluto[610]: loading secrets from "/etc/ipsec.secrets"  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080102/ba653a2a/attachment.html 


More information about the Users mailing list