Hi, I want to use 256 bit crypto algorithm in my ipsec config.
I have something like this: ipsec sa add 1 spi 255128 esp tunnel-src 10.10.10.10 tunnel-dst 10.10.10.11 crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-256 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96 However, it gives me an error when I start vpp. ipsec sa: failed ipsec is not configured after the failure. vpp# sh ipsec all spd 1 ip4-outbound: ip6-outbound: ip4-inbound-protect: ip6-inbound-protect: ip4-inbound-bypass: ip6-inbound-bypass: SPD Bindings: 1 -> eth0 Tunnel interfaces vpp# When I change 256 to 128, everything works fine. Does this mean vpp ipsec only supports 128 ciphers? Or, I made some stupid mistakes? If I want to configure 256 bit ciphers, what shall I do? I attached the bad cfg file with 256 bit cipher, and good cfg file with 128 bit cipher. Thanks. Chuan
bad.cfg
Description: Binary data
good.cfg
Description: Binary data
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14124): https://lists.fd.io/g/vpp-dev/message/14124 Mute This Topic: https://lists.fd.io/mt/34400077/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
