The defaults are hmac-sha2-256 and aesctr, which uses a 160-bit key.
On Wed, Dec 21, 2005 at 03:25:26PM -0500, Will H. Backman wrote:
> OpenBSD 3.8 release.
> I'm getting the same errors as this thread:
> http://archives.neohapsis.com/archives/openbsd/2005-11/1980.html
> I'm trying to use as many defaults as possible in this test setup, and
> sha1 is not being chosen by the defaults. Any ideas?
>
> Here is my ipsec.conf (yes, key values are just for testing):
> flow esp from 192.168.71.129 to 192.168.71.128
> esp from 192.168.71.129 to 192.168.71.128 spi 0x1000:0x1001 authkey
> 0x0000000000000000000000000000000000000000000000000000000000000000:0x0000000000000000000000000000000000000000000000000000000000000001
>
> enckey
> 0x0000000000000000000000000000000000000000000000000000000000000000:0x0000000000000000000000000000000000000000000000000000000000000001
>
> Here is the output from ipsecctl -vv -f /etc/ipsec.conf:
> @0 flow esp out from 192.168.71.129 to 192.168.71.128 peer 192.168.71.128
> type require
> @1 flow esp in from 192.168.71.128 to 192.168.71.129 peer 192.168.71.128
> type use
> @2 esp from 192.168.71.129 to 192.168.71.128 spi 0x00001000 auth
> hmac-sha2-256 enc aesctr
> authkey
> 0x0000000000000000000000000000000000000000000000000000000000000000
> enckey
> 0x0000000000000000000000000000000000000000000000000000000000000000
> @3 esp from 192.168.71.128 to 192.168.71.129 spi 0x00001001 auth
> hmac-sha2-256 enc aesctr
> authkey
> 0x0000000000000000000000000000000000000000000000000000000000000001
> enckey
> 0x0000000000000000000000000000000000000000000000000000000000000001
> ipsecctl: writev failed: Invalid argument
> ipsecctl: failed to add rule 2
> ipsecctl: writev failed: Invalid argument
> ipsecctl: failed to add rule 3
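
A key-length check for the situation discussed in this thread, as an added example that is not part of the original messages or of OpenBSD's own tooling: it reads text in the shape of the quoted `ipsecctl -vv` output and reports any manual key whose length does not match its algorithm. The `aesctr` size of 160 bits comes from the reply above; the 256-bit size for `hmac-sha2-256`, the function names and the sample text are assumptions of this example.

```python
import re

# Expected key sizes in bits. aesctr=160 is the figure given in the reply;
# hmac-sha2-256=256 is an assumption of this example.
KEY_BITS = {"hmac-sha2-256": 256, "aesctr": 160}

# Constructed sample in the shape of the quoted `ipsecctl -vv` output
# (line-wrapped the same way the mail client wrapped it).
TEST_KEY = "0x" + "00" * 32  # 256-bit all-zero test key, as in the thread
SAMPLE = f"""\
@2 esp from 192.168.71.129 to 192.168.71.128 spi 0x00001000 auth
hmac-sha2-256 enc aesctr
authkey
{TEST_KEY}
enckey
{TEST_KEY}
"""

def hex_bits(value):
    """Bit length of a hex key string, with or without a 0x prefix."""
    digits = value[2:] if value.lower().startswith("0x") else value
    if not re.fullmatch(r"[0-9a-fA-F]+", digits):
        raise ValueError(f"not a hex key: {value!r}")
    return len(digits) * 4

def check_sas(text):
    """Return (rule, field, alg, got_bits, want_bits) for each wrong-sized key."""
    tokens = text.split()  # token-based, so wrapped lines do not matter
    problems, rule, algs = [], None, {}
    for tok, nxt in zip(tokens, tokens[1:]):
        if tok.startswith("@") and tok[1:].isdigit():
            rule, algs = int(tok[1:]), {}      # new rule: forget old algorithms
        elif tok in ("auth", "enc"):
            algs[tok] = nxt                    # algorithm name follows keyword
        elif tok in ("authkey", "enckey"):
            alg = algs.get(tok[:-3])           # "authkey" -> "auth", "enckey" -> "enc"
            want = KEY_BITS.get(alg)
            got = hex_bits(nxt)
            if want is not None and got != want:
                problems.append((rule, tok, alg, got, want))
    return problems

if __name__ == "__main__":
    for rule, field, alg, got, want in check_sas(SAMPLE):
        print(f"rule {rule}: {field} for {alg} is {got} bits, expected {want}")
```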