Actions
Bug #2324
closed
AES 256 doesn't work with glxsb
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
-
Start date:
03/29/2012
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
i386
Description
Enabling glxsb on Alix board (Netgate m1n1wall 2D13) prevents AES256 IPSec Phase2 connections from establishing:
Mar 27 16:31:44 racoon: ERROR: pfkey ADD failed: Invalid argument
Mar 27 16:31:44 racoon: ERROR: pfkey UPDATE failed: Invalid argument
Mar 27 16:31:44 racoon: WARNING: attribute has been modified.
Mar 27 16:31:44 racoon: [Tiffen interface for Akers]: INFO: initiate new phase 2 negotiation: my.ip.add.ress500<=>rem.ote.ip.adr500
I believe the remote side is Cisco IOS or ASA. I am running 2.0.1-RELEASE (i386). Other users have reported similar behavior: http://forum.pfsense.org/index.php?topic=47701.new
Updated by Chris Buechler over 12 years ago
- Subject changed from IPSec Phase2 will not establish on Alix board with glxsb enabled to AES 256 doesn't work with glxsb
- Category set to Operating System
- Status changed from New to Feedback
- Affected Version changed from 2.0.1 to All
this is an OS issue outside our control, try with 2.1 which has a newer base OS.
Updated by Chris Buechler over 12 years ago
- Status changed from Feedback to Closed
This has been opened as a FreeBSD PR. glxsb only supports AES128, anything higher breaks which it technically shouldn't, but it can't accelerate that anyway.
Actions