[ipsec] aes-ctr question
wang_jiabo
jiabwang at redhat.com
Mon Dec 1 18:31:23 PST 2008
Hello, all:
The following is my setkey configuration. I can get the SAD and SPD, but when I
run "ping6 -I rl0 3ffe:501:ffff:103:20a:ebff:fe85:9e56" on FreeBSD,
FreeBSD reports:
kernel: esp_aesctr_decrypt aes-ctr:payload length must be multiple of 16
kernel: decrypt fail in IPv6 ESP input : SA(SPI 8192 src=3ffe:0501:ffff:0103:020a:ebff:fe85:9e56 dst=3ffe:0501:ffff:0104:021d:0fff:fe19:59fc)
But when I use "ping6 -I rl0 -s 11 (or 12 or 13 or 14)
3ffe:501:ffff:103:20a:ebff:fe85:9e56"
the ping passes. I read the RFC but did not find an explanation. Could you give
me an explanation?
Thanks
flush;
spdflush;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56
3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x1000 -m tunnel -E aes-ctr
"ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56
3ffe:501:ffff:104:21d:fff:fe19:59fc any -P in ipsec
esp/tunnel/3ffe:501:ffff:103:20a:ebff:fe85:9e56-3ffe:501:ffff:104:21d:fff:fe19:59fc/require;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc
3ffe:501:ffff:103:20a:ebff:fe85:9e56 esp 0x2000 -m tunnel -E aes-ctr
"ipv6readylogoaes1to2" -A hmac-sha1 "ipv6readylogsha11to2";
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc
3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P out ipsec
esp/tunnel/3ffe:501:ffff:104:21d:fff:fe19:59fc-3ffe:501:ffff:103:20a:ebff:fe85:9e56/require;
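
Added example (not part of the original message): the arithmetic below reproduces the reported behaviour. It assumes the sending peer pads the ESP plaintext only to 4-byte alignment, that ping6 sends 56 data bytes when -s is not given, and that the receiver's multiple-of-16 check covers the encrypted bytes after the IV. Function names are illustrative.

```python
# Added example: ESP encrypted length for the ping6 sizes in the post.
# Assumptions (not stated in the post): the sender pads only to ESP's
# 4-byte alignment, ping6 defaults to 56 data bytes, and the receiver
# checks the encrypted bytes that follow the IV.
IPV6_HDR = 40     # inner IPv6 header carried in tunnel mode
ICMP6_HDR = 8     # ICMPv6 echo request/reply header
ESP_TRAILER = 2   # Pad Length + Next Header, encrypted with the payload
AES_BLOCK = 16    # multiple demanded by the esp_aesctr_decrypt message


def esp_encrypted_len(ping_size, align=4):
    """Encrypted bytes (payload + padding + trailer) for one tunnelled echo."""
    unpadded = IPV6_HDR + ICMP6_HDR + ping_size + ESP_TRAILER
    pad = -unpadded % align          # padding added by the sender
    return unpadded + pad


def receiver_accepts(ping_size, align=4):
    """True when the length passes a strict multiple-of-16 check."""
    return esp_encrypted_len(ping_size, align) % AES_BLOCK == 0


def passing_sizes(limit=64, align=4):
    """All -s values below limit that the strict receiver would accept."""
    return [s for s in range(limit) if receiver_accepts(s, align)]


if __name__ == "__main__":
    for size in (56, 10, 11, 12, 13, 14, 15):
        n = esp_encrypted_len(size)
        verdict = "accepted" if receiver_accepts(size) else "rejected"
        print(f"-s {size:2d}: {n:3d} encrypted bytes -> {verdict}")
    print("accepted sizes below 64:", passing_sizes())
    # A sender that pads to the AES block size passes for every size.
    print("default size, align=16:", receiver_accepts(56, align=16))
```

Under these assumptions the default 56-byte ping yields 108 encrypted bytes and is rejected, while -s 11 to 14 all yield 64 bytes and pass, matching the report. With align=16 every size passes the same check.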
More information about the freebsd-net
mailing list