[ILUG] IPSec, AES, ipsec-tools
John Coleman
john.coleman at gmail.com
Thu Mar 31 18:31:17 IST 2005
I'm trying to set up an IPSec connection between two nodes over a WiFi
connection.
NodeA: Dual XP2400, 192.168.6.6
NodeB: MiniITX Nehemiah, 192.168.6.7
Both nodes are pretty much identically configured as far as networking
goes, both running 2.6.11.5.
I'm following the HOWTOs from http://www.ipsec-howto.org/x247.html and
http://lartc.org/howto/lartc.ipsec.html
/etc/ipsec-tools.conf
=======================================================
#Configuration for 192.168.6.6
flush;
spdflush;
# AH SAs using 128 bit long keys
#add 192.168.6.7 192.168.6.6 ah 0x200 -A hmac-md5 0x[whatever];
add 192.168.6.7 192.168.6.6 ah 0x200 -A aes-xcbc-mac 0x[whatever];
#add 192.168.6.6 192.168.6.7 ah 0x300 -A hmac-md5 0x[whatever];
add 192.168.6.6 192.168.6.7 ah 0x300 -A aes-xcbc-mac 0x[whatever];
# ESP SAs using 160 bit long keys (128 + 32 nonce)
add 192.168.6.7 192.168.6.6 esp 0x201 -E aes-ctr 0x[whatever];
add 192.168.6.7 192.168.6.6 esp 0x201 -E aes-ctr 0x[whatever];
# Security policies
spdadd 192.168.6.6 192.168.6.7 any -P out ipsec
           esp/transport//require
           ah/transport//require;
spdadd 192.168.6.7 192.168.6.6 any -P in ipsec
           esp/transport//require
           ah/transport//require;
=======================================================
I'm getting the following error:
binary:~# setkey -f /etc/ipsec-tools.conf
line 33: unsupported algorithm at [0xwhatever]
parse failed, line 33.
Line 33 is the first AH entry.
I have the i586 and pure software AES ciphers compiled as modules on
NodeA, and PadlockAES compiled into the kernel on NodeB, and I get
similar errors on both machines.
The syntax doesn't seem to be the problem, because using hmac-md5 with
the same key works fine.
I need to use AES wherever possible as it is hardware-accelerated on
the MiniITX box.
Am I using the correct aalgo and ealgo aes titles?
Any help is greatly appreciated :)
--
John Coleman
Technical Officer
NUIG, Computer Society