Christian Weisgerber wrote:
wang_jiabo <[EMAIL PROTECTED]> wrote:

The following is my setkey configuration. I can get SAD and SPD, but when I run "ping6 -I rl0 3ffe:501:ffff:103:20a:ebff:fe85:9e56" on FreeBSD, FreeBSD reports:

kernel: esp_aesctr_decrypt aes-ctr:payload length must be multiple of 16
kernel: decrypt fail in IPv6 ESP input :

(I cannot comment on this problem.  Looks like a padding bug.)

add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x1000 -m tunnel -E aes-ctr "ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";

Do not use AES-CTR with static keys!  Re-use of keys with a stream
cipher will allow listeners to recover the plaintext.
(See section 7 of RFC 3686.)

But when I use "ping6 -I rl0 -s 11 (or 12, 13, 14) 3ffe:501:ffff:103:20a:ebff:fe85:9e56" there is no problem.

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
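The keystream reuse behind the warning about static AES-CTR keys, as an added example that is not part of the original thread. It builds counter blocks in the RFC 3686 layout from the keying material in the setkey line, but uses SHA-256 as a stand-in for the AES block operation so it runs with the standard library only. The per-packet IV counter restarting at 1 after a reboot, the payloads and the "rekeyed" value are assumptions constructed for illustration.

```python
import hashlib

# Keying material from the setkey line above: 16-byte key followed by a 4-byte nonce.
KEYMAT = b"ipv6readylogoaes2to1"

def keystream(keymat, iv, length):
    """Counter blocks as in RFC 3686: nonce(4) || IV(8) || block counter(4), starting at 1.
    Stand-in: SHA-256(key || counter block)[:16] replaces AES_key(counter block)."""
    key, nonce = keymat[:16], keymat[16:20]
    out = b""
    block = 1
    while len(out) < length:
        out += hashlib.sha256(key + nonce + iv + block.to_bytes(4, "big")).digest()[:16]
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(keymat, iv, plaintext):
    # CTR mode: ciphertext is plaintext XOR keystream (decryption is the same operation).
    return xor(plaintext, keystream(keymat, iv, len(plaintext)))

def demo():
    first_iv = (1).to_bytes(8, "big")          # assumed: sender counts per-packet IVs from 1
    p1 = b"echo request: known test payload"   # constructed payload, 32 bytes
    p2 = b"login secret=hunter2 from host A"   # constructed payload, 32 bytes
    c1 = encrypt(KEYMAT, first_iv, p1)         # first packet after the SA is loaded
    c2 = encrypt(KEYMAT, first_iv, p2)         # first packet after a reboot reloads the same SA
    static_leaks = xor(c1, c2) == xor(p1, p2)  # identical keystream cancels out
    recovered = xor(xor(c1, c2), p1)           # knowing p1 yields p2 without the key
    # Fresh keying material per SA, as a key-management daemon would negotiate (constructed value).
    rekeyed = hashlib.sha256(b"constructed fresh keymat").digest()[:20]
    c3 = encrypt(rekeyed, first_iv, p2)
    fresh_leaks = xor(c1, c3) == xor(p1, p2)   # different keystreams do not cancel
    return static_leaks, recovered, fresh_leaks

if __name__ == "__main__":
    print(demo())
```

With the static key the two ciphertexts XOR to the XOR of the plaintexts; with fresh keying material for the second SA the same IV no longer produces that relation.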