NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
setkey -- twofish-cbc unsupported algorithm
Hello, I was willing to benchmark and compare a few IPSEC settings and I noticed twofish-cbc does not seem to be available, although it is referenced in the manual.
Seen on NetBSD/amd64 9.0. Is this a known issue? I tried with 128 and 256 bit keys, same result. No probem with blowfish-cbc and cast128-cbc.
# vi /etc/ipsec.conf
add OFFICEPUB1 OFFICEPUB2 esp 13245 -E twofish-cbc 0x...some-pseudo-random-key...;
add OFFICEPUB2 OFFICEPUB1 esp 13246 -E twofish-cbc 0x...some-other-pseudo-random-key...;
spdadd SUBNET1/24 SUBNET2/24 any -P out ipsec esp/tunnel/OFFICEPUB1-OFFICEPUB2/require;
spdadd SUBNET2/24 SUBNET1/24 any -P in ipsec esp/tunnel/OFFICEPUB2-OFFICEPUB1/require;
# /etc/rc.d/ipsec restart
Clearing ipsec manual keys/policies.
Installing ipsec manual keys/policies.
line 1: unsupported algorithm at [0x...some-pseudo-random-key...]
parse failed, line 1.
https://netbsd.gw.com/cgi-bin/man-cgi?setkey
https://netbsd.gw.com/cgi-bin/man-cgi?setkey++NetBSD-current
Good old KAME is much appreciated, thank you.
--
Pierre-Philipp
Home |
Main Index |
Thread Index |
Old Index