NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

setkey -- twofish-cbc unsupported algorithm

Hello, I was willing to benchmark and compare a few IPSEC settings and I noticed twofish-cbc does not seem to be available, although it is referenced in the manual.
Seen on NetBSD/amd64 9.0.  Is this a known issue?  I tried with 128 and 256 bit keys, same result.  No probem with blowfish-cbc and cast128-cbc.

# vi /etc/ipsec.conf
add OFFICEPUB1 OFFICEPUB2 esp 13245 -E twofish-cbc 0x...some-pseudo-random-key...;
add OFFICEPUB2 OFFICEPUB1 esp 13246 -E twofish-cbc 0x...some-other-pseudo-random-key...;
spdadd SUBNET1/24 SUBNET2/24 any -P out ipsec esp/tunnel/OFFICEPUB1-OFFICEPUB2/require;
spdadd SUBNET2/24 SUBNET1/24 any -P in ipsec esp/tunnel/OFFICEPUB2-OFFICEPUB1/require;

# /etc/rc.d/ipsec restart
Clearing ipsec manual keys/policies.
Installing ipsec manual keys/policies.
line 1: unsupported algorithm at [0x...some-pseudo-random-key...]
parse failed, line 1.

Good old KAME is much appreciated, thank you.

Home | Main Index | Thread Index | Old Index