Date: Tue, 4 Oct 2022 08:58:23 -0700 From: John Baldwin <jhb@FreeBSD.org> To: alfadev <alfadev@protonmail.com>, "freebsd-current@FreeBSD.org" <freebsd-current@FreeBSD.org> Subject: Re: How to Enable support for IPsec deprecated algorithms: 3DES, MD5-HMAC Message-ID: <79536835-6ebe-4bad-c5b7-71632323cbb9@FreeBSD.org> In-Reply-To: <FrYE0Wy9SlEb4a6GfDGsEjms1MiVhEhVcWwdvc0SvLck_mxAfGwY4DwXYdzZajZrMxuqkho6pRa5rbwXDJUA39ZlYwJuGuHX4YmXOT-Medw=@protonmail.com> References: <FrYE0Wy9SlEb4a6GfDGsEjms1MiVhEhVcWwdvc0SvLck_mxAfGwY4DwXYdzZajZrMxuqkho6pRa5rbwXDJUA39ZlYwJuGuHX4YmXOT-Medw=@protonmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/4/22 1:53 AM, alfadev wrote: > Hi, i am trying to move my gateway from FreeBSD 11.0 to FreeBSD 14.0 to use > newly added ipfw table lookup for mac addresses (https://reviews.freebsd.org/D35103) > > Also I have too many IPSec connections between fortigate, cisco etc. > And their operators use only 3DES algorithms and they have no intention to change it for me. > So, now i have to enable 3DES support for FreeBSD 14.0 . > > To add 3DES support again i changed some files shown below. > I am not sure what i did any help welcomes. You do not want to just restore the files as-is. You instead want to revert some of the diffs from the first commit. The second commit for /dev/crypto doesn't matter for IPsec and you can ignore it. However, you will need to also partially revert commit 0e00c709d7f1cdaeb584d244df9534bcdd0ac527 which removes DES and 3DES from OCF itself. This is what removed enc_xform_des for example. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79536835-6ebe-4bad-c5b7-71632323cbb9>