Herbert Xu schrieb: > Ingo Oeser <[EMAIL PROTECTED]> wrote: > > I'm just asking myself, why is AES-256 not announced by the IPsec > > framework? > It should work. Which user-space IPsec daemon are you using?
racoon 0.5.2 as Debian package (0.5.2-1) from sarge, kernel 2.6.11.12. I also used matching ipsec-tools. Situation: I tried to connect to a some Cisco 35xx (don't remember exactly) from a different company and there the IPsec phase2 announcement (ISAKMP was successful already) was seen as AES-128 always and I found no way to change that anywhere or even check whether the other technician was telling the truth. After the Cisco was set to accept proposal for AES-128 and not only AES-256 it worked immediately. But Dave S. Miller already gave an answer to the kernel part, so I guess this might be a racoon problem. If you are interested, we can discuss this issue further off-list or on the proper list for ipsec-tools. Regards Ingo Oeser - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
