[Openswan Users] Should Openswan 2.6.24 do kernel patch?

Paul Wouters paul at xelerance.com
Tue Feb 9 11:36:29 EST 2010

On Mon, 8 Feb 2010, mix.kao wrote:

> yes, i use the klips as a kernel module (ipsec.ko)
> And i have crypto_algapi with des_generic

> 	protostack=klips

> 	ike=3des-sha1-MODP1024,3des-md5-MODP1024,3des-sha1-MODP768,3des-md5-MODP768,des-sha1-MODP1024,des-md5-MODP1024,des-sha1-MODP768,des-md5-MODP768
> 	esp=3des-sha1-96,3des-md5-96,des-sha1-96,des-md5-96

> ipsec whack --status
> I only get DES support on IKE, no ESP_DES.
> Anything i missing?

Did you enable 1DES when configuring cryptoapi? Perhaps cryptoapi has removed
1des support as well because it can be broken in 2 days? 
The "des" code is the same as the "3des" code, so any "des" reference does not
automatically mean you have "1des" support, it could be only used for "3des.


More information about the Users mailing list