Subject: ipsec-tools & AES
To: None <netbsd-users@netbsd.org>
From: Jarkko Teppo <jht380@luukku.com>
List: netbsd-users
Date: 11/30/2004 09:06:33
Hi!
I'm stuck here with Cisco VPN client 4.0.5c, NetBSD-1.6ZL and
ipsec-tools-0.5.pre20041109. I've got mutual group authentication
working but something is breaking my setup.
snip from the logs:
Nov 30 08:58:05 zuul racoon: WARNING: trns_id mismatched: my:3DES peer:AES
Nov 30 08:58:05 zuul racoon: WARNING: trns_id mismatched: my:3DES peer:AES
Nov 30 08:58:05 zuul racoon: ERROR: not matched
Nov 30 08:58:05 zuul racoon: WARNING: trns_id mismatched: my:3DES peer:AES
Nov 30 08:58:05 zuul racoon: WARNING: trns_id mismatched: my:3DES peer:AES
Nov 30 08:58:05 zuul racoon: ERROR: not matched
Ok, in racoon.conf I have proposal_check obey and generate_policy on.
Fine, don't do 3DES.
Now if I try to switch racoon to rijndael it gives me this:
2004-11-30 09:05:13: DEBUG: reading config file /usr/pkg/etc/racoon/racoon.conf
2004-11-30 09:05:13: DEBUG: hmac(modp1024)
2004-11-30 09:05:13: ERROR: Invalid transform id: 12
2004-11-30 09:05:13: ERROR: /usr/pkg/etc/racoon/racoon.conf:38: "," algorithm AES not supported by the kernel (missing module?)
2004-11-30 09:05:13: ERROR: fatal parse failure (1 errors)
racoon: failed to parse configuration file.
What am I missing ?
tia,
--
jht