[Openswan Users] unsupported ESP Transform ESP_TWOFISH
Paul Wouters
paul at xelerance.com
Thu Jul 29 21:06:04 EDT 2010
On Thu, 29 Jul 2010, Murat Sezgin wrote:
> We are using openswan-2.6.24rc4 on our ubicom32 IP7K openwrt router. We are doing some site-to-site
> tests with a different brand router.On our router, we turned on some extra ciphers like blowfish and
> twofish besides the aes, des, 3des. If we want to use twofish, we are getting the below error on our
> router.
>
> Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk" #4: kernel algorithm does not
> like: no alg
> Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk" #4: unsupported ESP Transform
> ESP_TWOFISH from 192.168.52.105
> Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk" #4: no acceptable Proposal in
> IPsec SA
> Jul 28 08:05:09 OpenWrt authpriv.warn pluto[11621]: "site-to-site-psk" #4: sending encrypted
> notification NO_PROPOSAL_CHOSEN to 192.168.52.105:50
>
> It seems these new ciphers are not recognized by the openswan. This error comes
> from /programs/pluto/spdb_v1_struct.c. It is under the ‘default’ condition of a switch case, excluding
> the cases of: ESP_AES, ESP_3DES, ESP_DES, ESP_NULL .
>
> How can we enable these ciphers in our current openswan version?
>
> Is this an expected error with these ciphers?
Do you have the kernel module? We do try to preload it before starting.
Pluto will tell you on startup as well.
Paul
More information about the Users
mailing list