Summary: | FreeSwan with "Extended Algos" | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Philipp Morger <philipp.morger> |
Component: | New packages | Assignee: | Mobile Herd (OBSOLETE) <mobile+disabled> |
Status: | RESOLVED INVALID | ||
Severity: | enhancement | CC: | aliz, lostlogic |
Priority: | High | ||
Version: | 1.3 | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
New Algos for freeswan
All New cutting edge freeswan (sha2, aes, blowfish... and more!) |
Description
Philipp Morger
2002-08-09 14:57:07 UTC
Created attachment 2950 [details, diff]
New Algos for freeswan
a small example how the extensions are used conn uml1-uml2 # Left (freeswan-1.98b + alg-0.8.0 ) left=192.168.2.18 leftsubnet=10.1.18.0/24 leftrsasigkey=0s....... # Right (freeswan-1.98b + alg-0.8.0 ) right=192.168.2.20 rightsubnet=10.1.20.0/24 rightrsasigkey=0s....... # To authorize this connection, but not actually start it, at startup, # uncomment this. auto=add auth=esp #authby=secret authby=rsasig pfs=yes # #freeswan-alg 0.7.x+ required for esp= parameter # #esp=twofish256 esp=aes128-md5,aes128-sha2_256 #esp=aes128 # #freeswan-alg 0.8.x+ required for pfsgroup= parameter pfsgroup=modp1536 # # #freeswan-alg 0.8.x+ required for ike= parameter # #ike=aes128-md5 ike=aes256-md5-modp4096 #ike=aes128-sha2_256 #ike=twofish-sha2_256 #ike=serpent-sha2_256 I finally managed to get AES, BLOWFISH and SHA2 running.... the trick is to go into the freeswan dir (ebuild unpack) and run "make menugo" - in the network options are now the Ciphers available.... I just don't know how to make that work with an ebuild... hmm... I'm still no step further... I think best is to call "make menugo" so the user has the choice to include the ciphers he want's... but that violates sandbox (as it patches the kernel) a few words of advice would be welcome Created attachment 3860 [details]
All New cutting edge freeswan (sha2, aes, blowfish... and more!)
This attach is a new made ebuild, it may solves the problem I encountered... I hope I solved 'em in a sane way... any feedback is welcome. These patches are probably unfit to use in our freeswan ebuild and the functionality is present in superfreeswan. |