[leaf-user] ipsec/openswan 2.4.2
Hi all, i just finished packaging openswan 2.4.2 for bering-uclibc and did some initial testing, i am just wondering if someone else is using openswan/ipsec and is willing to test it, too. --arne -- Arne Bernin <[EMAIL PROTECTED]> http://www.ucBering.de --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ipsec/openswan 2.4.2
Hello Arne, I don't understand openswan 2.x. It doesn't have SHA2 (which I use). Can't modularize ciphers; no blowfish (missing usual ALGs). I tried using cryptoapi's sha512 but that didn't work. I tried searching the openswan mailing list, found a couple of similar concerns, but no answers. Perhaps I'm asking some dumb questions? I've downgraded to 1.0.9 on kernel 2.4.32. Effectively, a 2.4 ucBering hybrid. Here are the offending config lines: 2.4.32: CONFIG_KLIPS=m # # IPsec options (Openswan) # CONFIG_KLIPS_IPIP=y CONFIG_KLIPS_AH=y CONFIG_KLIPS_ESP=y CONFIG_KLIPS_ENC_3DES=y CONFIG_KLIPS_ENC_AES=y CONFIG_KLIPS_AUTH_HMAC_MD5=y CONFIG_KLIPS_AUTH_HMAC_SHA1=y CONFIG_KLIPS_ALG=y # CONFIG_KLIPS_IPCOMP is not set CONFIG_KLIPS_DEBUG=y CONFIG_IPSEC_NAT_TRAVERSAL=y 2.4.31 (the more familiar): CONFIG_IPSEC=m # # IPSec options (FreeS/WAN) # CONFIG_IPSEC_IPIP=y CONFIG_IPSEC_AH=y CONFIG_IPSEC_AUTH_HMAC_MD5=y CONFIG_IPSEC_AUTH_HMAC_SHA1=y CONFIG_IPSEC_ESP=y CONFIG_IPSEC_ENC_3DES=y CONFIG_IPSEC_ALG=y CONFIG_IPSEC_ALG_MD5=m CONFIG_IPSEC_ALG_SHA1=m CONFIG_IPSEC_ALG_SHA2=m <-- look sha2 CONFIG_IPSEC_ALG_3DES=m CONFIG_IPSEC_ALG_AES=m CONFIG_IPSEC_ALG_BLOWFISH=m <-- and all CONFIG_IPSEC_ALG_TWOFISH=m <-- these CONFIG_IPSEC_ALG_SERPENT=m <-- other CONFIG_IPSEC_ALG_CAST=m <-- ciphers CONFIG_IPSEC_ALG_NULL=m # CONFIG_IPSEC_ALG_CRYPTOAPI is not set # CONFIG_IPSEC_ALG_1DES is not set CONFIG_IPSEC_IPCOMP=y CONFIG_IPSEC_DEBUG=y CONFIG_IPSEC_NAT_TRAVERSAL=y Any thoughts on getting strongswan to work with ucBering? Arne Bernin wrote: > Hi all, > > i just finished packaging openswan 2.4.2 for bering-uclibc and did some > initial testing, i am just wondering if someone else is using > openswan/ipsec and is willing to test it, too. > > --arne > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ipsec/openswan 2.4.2
Cpu, If I'm not mistaken you have to use the standard kernel ciphers, openswan doesn't use its own anymore. # # Cryptographic options # CONFIG_CRYPTO=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_NULL=m CONFIG_CRYPTO_MD4=m CONFIG_CRYPTO_MD5=m CONFIG_CRYPTO_SHA1=m CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_WP512=m CONFIG_CRYPTO_DES=m CONFIG_CRYPTO_BLOWFISH=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_AES=m .. Eric > Hello Arne, > > > I don't understand openswan 2.x. It doesn't have SHA2 (which I use). > Can't > modularize ciphers; no blowfish (missing usual ALGs). I tried using > cryptoapi's sha512 but that didn't work. I tried searching the openswan > mailing list, found a couple of similar concerns, but no answers. Perhaps > I'm asking some dumb questions? I've downgraded to 1.0.9 on kernel > 2.4.32. > Effectively, a 2.4 ucBering hybrid. > > > Here are the offending config lines: > > > 2.4.32: > > > CONFIG_KLIPS=m > # > # IPsec options (Openswan) > # > CONFIG_KLIPS_IPIP=y > CONFIG_KLIPS_AH=y > CONFIG_KLIPS_ESP=y > CONFIG_KLIPS_ENC_3DES=y > CONFIG_KLIPS_ENC_AES=y > CONFIG_KLIPS_AUTH_HMAC_MD5=y > CONFIG_KLIPS_AUTH_HMAC_SHA1=y > CONFIG_KLIPS_ALG=y > # CONFIG_KLIPS_IPCOMP is not set > CONFIG_KLIPS_DEBUG=y > CONFIG_IPSEC_NAT_TRAVERSAL=y > > > 2.4.31 (the more familiar): > > > CONFIG_IPSEC=m > # > # IPSec options (FreeS/WAN) > # > CONFIG_IPSEC_IPIP=y > CONFIG_IPSEC_AH=y > CONFIG_IPSEC_AUTH_HMAC_MD5=y > CONFIG_IPSEC_AUTH_HMAC_SHA1=y > CONFIG_IPSEC_ESP=y > CONFIG_IPSEC_ENC_3DES=y > CONFIG_IPSEC_ALG=y > CONFIG_IPSEC_ALG_MD5=m > CONFIG_IPSEC_ALG_SHA1=m > CONFIG_IPSEC_ALG_SHA2=m <-- look sha2 > CONFIG_IPSEC_ALG_3DES=m > CONFIG_IPSEC_ALG_AES=m > CONFIG_IPSEC_ALG_BLOWFISH=m <-- and all > CONFIG_IPSEC_ALG_TWOFISH=m <-- these > CONFIG_IPSEC_ALG_SERPENT=m <-- other > CONFIG_IPSEC_ALG_CAST=m <-- ciphers > CONFIG_IPSEC_ALG_NULL=m > # CONFIG_IPSEC_ALG_CRYPTOAPI is not set > # CONFIG_IPSEC_ALG_1DES is not set > CONFIG_IPSEC_IPCOMP=y > CONFIG_IPSEC_DEBUG=y > CONFIG_IPSEC_NAT_TRAVERSAL=y > > > > Any thoughts on getting strongswan to work with ucBering? > > > Arne Bernin wrote: > >> Hi all, >> >> >> i just finished packaging openswan 2.4.2 for bering-uclibc and did > some >> initial testing, i am just wondering if someone else is using >> openswan/ipsec and is willing to test it, too. >> >> --arne >> >> > > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > > > --- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 > > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > > --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ipsec/openswan 2.4.2
Hello Cpu, I looked through the openswan source, it seems that those ciphers are linked into pluto. Eric > Hello Arne, > > > I don't understand openswan 2.x. It doesn't have SHA2 (which I use). > Can't > modularize ciphers; no blowfish (missing usual ALGs). I tried using > cryptoapi's sha512 but that didn't work. I tried searching the openswan > mailing list, found a couple of similar concerns, but no answers. Perhaps > I'm asking some dumb questions? I've downgraded to 1.0.9 on kernel > 2.4.32. > Effectively, a 2.4 ucBering hybrid. > > > Here are the offending config lines: > > > 2.4.32: > > > CONFIG_KLIPS=m > # > # IPsec options (Openswan) > # > CONFIG_KLIPS_IPIP=y > CONFIG_KLIPS_AH=y > CONFIG_KLIPS_ESP=y > CONFIG_KLIPS_ENC_3DES=y > CONFIG_KLIPS_ENC_AES=y > CONFIG_KLIPS_AUTH_HMAC_MD5=y > CONFIG_KLIPS_AUTH_HMAC_SHA1=y > CONFIG_KLIPS_ALG=y > # CONFIG_KLIPS_IPCOMP is not set > CONFIG_KLIPS_DEBUG=y > CONFIG_IPSEC_NAT_TRAVERSAL=y > > > 2.4.31 (the more familiar): > > > CONFIG_IPSEC=m > # > # IPSec options (FreeS/WAN) > # > CONFIG_IPSEC_IPIP=y > CONFIG_IPSEC_AH=y > CONFIG_IPSEC_AUTH_HMAC_MD5=y > CONFIG_IPSEC_AUTH_HMAC_SHA1=y > CONFIG_IPSEC_ESP=y > CONFIG_IPSEC_ENC_3DES=y > CONFIG_IPSEC_ALG=y > CONFIG_IPSEC_ALG_MD5=m > CONFIG_IPSEC_ALG_SHA1=m > CONFIG_IPSEC_ALG_SHA2=m <-- look sha2 > CONFIG_IPSEC_ALG_3DES=m > CONFIG_IPSEC_ALG_AES=m > CONFIG_IPSEC_ALG_BLOWFISH=m <-- and all > CONFIG_IPSEC_ALG_TWOFISH=m <-- these > CONFIG_IPSEC_ALG_SERPENT=m <-- other > CONFIG_IPSEC_ALG_CAST=m <-- ciphers > CONFIG_IPSEC_ALG_NULL=m > # CONFIG_IPSEC_ALG_CRYPTOAPI is not set > # CONFIG_IPSEC_ALG_1DES is not set > CONFIG_IPSEC_IPCOMP=y > CONFIG_IPSEC_DEBUG=y > CONFIG_IPSEC_NAT_TRAVERSAL=y > > > > Any thoughts on getting strongswan to work with ucBering? > > > Arne Bernin wrote: > >> Hi all, >> >> >> i just finished packaging openswan 2.4.2 for bering-uclibc and did > some >> initial testing, i am just wondering if someone else is using >> openswan/ipsec and is willing to test it, too. >> >> --arne >> >> > > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > > > --- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 > > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > > --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
