Date:      Mon, 3 Aug 2015 17:18:21 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Sydney Meyer <meyer.sydney@googlemail.com>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: IPSEC stop works after r285336
Message-ID:  <20150804001821.GI78154@funkthat.com>
In-Reply-To: <D7F8E74C-F58E-4051-A35A-3FCC44A0007F@googlemail.com>
References:  <20150729071732.GA78154@funkthat.com> <55B8CD6C.7080804@shurik.kiev.ua> <18D9D532-15B2-4B30-B088-74E7E4566254@googlemail.com> <20150801200137.GK78154@funkthat.com> <422BE6C0-B106-44E2-927A-7AE04885251F@googlemail.com> <20150802035359.GO78154@funkthat.com> <D7F8E74C-F58E-4051-A35A-3FCC44A0007F@googlemail.com>


--xesSdrSSBC0PokLI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Sydney Meyer wrote this message on Mon, Aug 03, 2015 at 01:15 +0200:
> The revision I built included gnn's patches to setkey already.
> 
> I have tried to set up a tunnel using strongswan with gcm as esp cipher mode, but the connection fails with "algorithm AES_GCM_16 not supported by kernel"..

It looks like GCM isn't compiled by default by the port...  Try the
attached patch to
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c...  it may
require more modifications...

Someone else would be better to work on this...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

--xesSdrSSBC0PokLI
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="strongswan.patch"

--- kernel_pfkey_ipsec.c.orig	2015-08-03 17:15:48.676749000 -0700
+++ kernel_pfkey_ipsec.c	2015-08-03 17:16:40.987182000 -0700
@@ -822,13 +822,13 @@
 /*	{ENCR_DES_IV32,				0							}, */
 	{ENCR_NULL,					SADB_EALG_NULL				},
 	{ENCR_AES_CBC,				SADB_X_EALG_AESCBC			},
-/*	{ENCR_AES_CTR,				SADB_X_EALG_AESCTR			}, */
+	{ENCR_AES_CTR,				SADB_X_EALG_AESCTR			},
 /*  {ENCR_AES_CCM_ICV8,			SADB_X_EALG_AES_CCM_ICV8	}, */
 /*	{ENCR_AES_CCM_ICV12,		SADB_X_EALG_AES_CCM_ICV12	}, */
 /*	{ENCR_AES_CCM_ICV16,		SADB_X_EALG_AES_CCM_ICV16	}, */
 /*	{ENCR_AES_GCM_ICV8,			SADB_X_EALG_AES_GCM_ICV8	}, */
 /*	{ENCR_AES_GCM_ICV12,		SADB_X_EALG_AES_GCM_ICV12	}, */
-/*	{ENCR_AES_GCM_ICV16,		SADB_X_EALG_AES_GCM_ICV16	}, */
+	{ENCR_AES_GCM_ICV16,		SADB_X_EALG_AESGCM16	},
 	{END_OF_LIST,				0							},
 };
 

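Review bot: the new ENCR_AES_GCM_ICV16 entry maps to SADB_X_EALG_AESGCM16, while the commented-out line it replaces named SADB_X_EALG_AES_GCM_ICV16, and both this entry and the ENCR_AES_CTR entry are now compiled unconditionally. On a platform whose PF_KEY headers do not define SADB_X_EALG_AESGCM16 or SADB_X_EALG_AESCTR the table will no longer build, so guard each new entry with a preprocessor check on the constant it uses (for example `#ifdef SADB_X_EALG_AESGCM16`) instead of simply uncommenting it. The ENCR_AES_CTR change is not mentioned in the accompanying message and should be explained or split into its own patch. The ENCR_AES_GCM_ICV8 and ENCR_AES_GCM_ICV12 entries stay commented out, so only the 16-byte ICV variant is mapped; add a comment stating whether that is intentional. The closing tab column of the new GCM line also no longer lines up with its neighbours.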
--xesSdrSSBC0PokLI--


