[Openswan Users] Openswan support for Ipsec v3

Paul Wouters paul at xelerance.com
Thu Nov 5 15:02:57 EST 2009

On Thu, 5 Nov 2009, Gupta, Deepak (Deepak) wrote:

>> From one of your earlier postings (https://gsoc.xelerance.com/issues/496) I gathered that SHA2 can be set for esp as per the following:
> ike=aes256-sha1-4096
> esp=aes256-sha2_256-4096

It should be ike=aes256-sha1-modp4096 ( or aes256-sha1;modp4096)

> And, I also find that the file _startnetkey (not KLIPS) delivered by the IPsec rpm loads all the cipher .ko's.  I was just wondering, for example in the case above, when we specify sha2_256, will pluto load the sha256.ko module automatically?

Yes. the cryptoapi has no way oftriggering loading ciphers, so we just have to preload
all the modules we know of. If sha256 is a seperate module and missing, that needs to be


More information about the Users mailing list