Date: Mon, 27 Nov 2017 06:15:10 +0100 From: "Peter G." <freebsd@disroot.org> To: freebsd-net@freebsd.org Subject: Static IPsec (via setkey) and -A aes-xcbc-mac, how to? Message-ID: <faa08146-39f4-5ece-ce65-792113898ffc@disroot.org>
next in thread | raw e-mail | index | archive | help
Hi, can somebody please show me the correct syntax of setting static SA with aes-xcbc-mac authentication? I checked rfc3566, my "base" encryption algo is aes-128, aes-xcbc-mac is supposed to work with a 128-bit (16 characters) long key. I don't seem to be able to set it up, though. Example (aes-cbc 128bit + supposedly aes-xcbc-mac): add 10.10.1.1 10.10.2.2 esp 400 -m transport -u 400 -E rijndael-cbc "abcdefghijklmnop" -A aes-xcbc-mac "1234567890123456"; ends up in an error: line 5: Not supported at [1234567890123456] parse failed, line 5. The same syntax and appropriate key length work with anything else, e.g. hmac-sha2-256 with 32 character long key works just fine. Please advice. PG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?faa08146-39f4-5ece-ce65-792113898ffc>