Static IPsec (via setkey) and -A aes-xcbc-mac, how to?
Peter G.
freebsd at disroot.org
Mon Nov 27 05:21:38 UTC 2017
Hi, can somebody please show me the correct syntax of setting static SA
with aes-xcbc-mac authentication? I checked rfc3566, my "base"
encryption algo is aes-128, aes-xcbc-mac is supposed to work with a
128-bit (16 characters) long key. I don't seem to be able to set it up,
though.
Example (aes-cbc 128bit + supposedly aes-xcbc-mac):
add 10.10.1.1 10.10.2.2 esp 400 -m transport -u 400 -E rijndael-cbc
"abcdefghijklmnop" -A aes-xcbc-mac "1234567890123456";
ends up in an error:
line 5: Not supported at [1234567890123456]
parse failed, line 5.
The same syntax and appropriate key length work with anything else, e.g.
hmac-sha2-256 with 32 character long key works just fine.
Please advice.
PG
More information about the freebsd-net
mailing list