Thor Lancelot Simon <tls@rek.tjls.com> wrote:

> It looks to me like with the ipsec-tools racoon, we lose AES support,
> because there's a disagreement with the kernel about which algorithm
> to use.  That, at least, is very important to fix.

I'm looking at AES. While I was here, I tried all the documented
ciphers. For phase 2, the following cause failures, both in KAME racoon
and ipsec-tools racoon:
encryption: IDEA, 3IDEA, RC5, RC4, TWOFISH
authentication: DES, 3DES, DES_IV32, DES_IV64

Should the documentation be updated and those ciphers removed?

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@netbsd.org