[ILUG] IPSec, AES, ipsec-tools
Bryan O'Donoghue
typedef at eircom.net
Fri Apr 1 11:19:41 IST 2005
John Coleman wrote:
[deletia]
> # AH SAs using 128 bit long keys
> #add 192.168.6.7 192.168.6.6 ah 0x200 -A hmac-md5 0x[whatever];
> add 192.168.6.7 192.168.6.6 ah 0x200 -A aes-xcbc-mac 0x[whatever];
> #add 192.168.6.6 192.168.6.7 ah 0x300 -A hmac-md5 0x[whatever];
> add 192.168.6.6 192.168.6.7 ah 0x300 -A aes-xcbc-mac 0x[whatever];
>
> # ESP SAs using 160 bit long keys (128 + 32 nonce)
> add 192.168.6.7 192.168.6.6 esp 0x201 -E aes-ctr 0x[whatever];
> add 192.168.6.7 192.168.6.6 esp 0x201 -E aes-ctr 0x[whatever];
[deletia]
> =======================================================
> I'm getting the following error:
> binary:~# setkey -f /etc/ipsec-tools.conf
> line 33: unsupported algorithm at [0xwhatever]
> parse failed, line 33.
>
> Line33 is the first AH entry.
> I have the i586 and pure software AES ciphers compiled as modules on
> NodeA, and PadlockAES compiled into the kernel on NodeB, and I get
> similar errors on both machines.
> The syntax doesn't seem to be the problem, because using hmac-md5 with
> the same key works fine.
Bah.... I should be clearer.
Do you have md5 software modules loaded on both machines ?
More information about the ILUG
mailing list