Sydney Meyer wrote this message on Mon, Aug 03, 2015 at 01:15 +0200:
> the revision i built included gnn's patches to setkey already.
>
> I have tried to setup a tunnel using strongswan with gcm as esp cipher mode,
> but the connection fails with "algorithm AES_GCM_16 not supported by kernel"..
It looks like GCM isn't compiled by default by the port... Try the
attached patch to
src/libhydra/plugings/kernel_pfkey/kernel_pfkey_ipsec.c... it may
require more modifications...
Someone else would be better to work on this...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
--- kernel_pfkey_ipsec.c.orig 2015-08-03 17:15:48.676749000 -0700
+++ kernel_pfkey_ipsec.c 2015-08-03 17:16:40.987182000 -0700
@@ -822,13 +822,13 @@
/* {ENCR_DES_IV32, 0 }, */
{ENCR_NULL, SADB_EALG_NULL },
{ENCR_AES_CBC, SADB_X_EALG_AESCBC },
-/* {ENCR_AES_CTR, SADB_X_EALG_AESCTR }, */
+ {ENCR_AES_CTR, SADB_X_EALG_AESCTR },
/* {ENCR_AES_CCM_ICV8, SADB_X_EALG_AES_CCM_ICV8 }, */
/* {ENCR_AES_CCM_ICV12, SADB_X_EALG_AES_CCM_ICV12 }, */
/* {ENCR_AES_CCM_ICV16, SADB_X_EALG_AES_CCM_ICV16 }, */
/* {ENCR_AES_GCM_ICV8, SADB_X_EALG_AES_GCM_ICV8 }, */
/* {ENCR_AES_GCM_ICV12, SADB_X_EALG_AES_GCM_ICV12 }, */
-/* {ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM_ICV16 }, */
+ {ENCR_AES_GCM_ICV16, SADB_X_EALG_AESGCM16 },
{END_OF_LIST, 0 },
};
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[email protected]"
