Project

General

Profile

Bug #2324

AES 256 doesn't work with glxsb

Added by Todd Blum over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
-
Start date:
03/29/2012
Due date:
% Done:

0%

Estimated time:
Affected Version:
All
Affected Architecture:
i386

Description

Enabling glxsb on Alix board (Netgate m1n1wall 2D13) prevents AES256 IPSec Phase2 connections from establishing:

Mar 27 16:31:44 racoon: ERROR: pfkey ADD failed: Invalid argument
Mar 27 16:31:44 racoon: ERROR: pfkey UPDATE failed: Invalid argument
Mar 27 16:31:44 racoon: WARNING: attribute has been modified.
Mar 27 16:31:44 racoon: [Tiffen interface for Akers]: INFO: initiate new phase 2 negotiation: my.ip.add.ress500<=>rem.ote.ip.adr500

I believe the remote side is Cisco IOS or ASA.   I am running 2.0.1-RELEASE (i386).  Other users have reported similar behavior: http://forum.pfsense.org/index.php?topic=47701.new

History

#1 Updated by Chris Buechler over 7 years ago

  • Subject changed from IPSec Phase2 will not establish on Alix board with glxsb enabled to AES 256 doesn't work with glxsb
  • Category set to Operating System
  • Status changed from New to Feedback
  • Affected Version changed from 2.0.1 to All

this is an OS issue outside our control, try with 2.1 which has a newer base OS.

#2 Updated by Chris Buechler over 7 years ago

  • Status changed from Feedback to Closed

This has been opened as a FreeBSD PR. glxsb only supports AES128, anything higher breaks which it technically shouldn't, but it can't accelerate that anyway.

Also available in: Atom PDF