[Openswan Users] unsupported ESP Transform ESP_TWOFISH

Murat Sezgin sezginmurat at gmail.com
Thu Jul 29 20:22:03 EDT 2010


Hi,

We are using openswan-2.6.24rc4 on our ubicom32 IP7K openwrt router. We are
doing some site-to-site tests with a different brand router.On our router,
we turned on some extra ciphers like blowfish and twofish besides the aes,
des, 3des. If we want to use twofish, we are getting the below error on our
router.

Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk" #4:
kernel algorithm does not like: no alg
Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk"
#4: *unsupported
ESP Transform ESP_TWOFISH* from 192.168.52.105
Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk" #4:
no acceptable Proposal in IPsec SA
Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk" #4:
sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.52.105:50

It seems these new ciphers are not recognized by the openswan. This error
comes from /programs/pluto/spdb_v1_struct.c. It is under the ‘default’
condition of a switch case, excluding the cases of: ESP_AES, ESP_3DES,
ESP_DES, ESP_NULL .

How can we enable these ciphers in our current openswan version?

Is this an expected error with these ciphers?

Regards,
Murat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100729/157302bf/attachment.html 


More information about the Users mailing list