Hello, I was willing to benchmark and compare a few IPSEC settings and I noticed twofish-cbc does not seem to be available, although it is referenced in the manual. Seen on NetBSD/amd64 9.0. Is this a known issue? I tried with 128 and 256 bit keys, same result. No problem with blowfish-cbc and cast128-cbc.

# vi /etc/ipsec.conf

add OFFICEPUB1 OFFICEPUB2 esp 13245 -E twofish-cbc 0x...some-pseudo-random-key...;
add OFFICEPUB2 OFFICEPUB1 esp 13246 -E twofish-cbc 0x...some-other-pseudo-random-key...;

spdadd SUBNET1/24 SUBNET2/24 any -P out ipsec esp/tunnel/OFFICEPUB1-OFFICEPUB2/require;
spdadd SUBNET2/24 SUBNET1/24 any -P in ipsec esp/tunnel/OFFICEPUB2-OFFICEPUB1/require;

# /etc/rc.d/ipsec restart
Clearing ipsec manual keys/policies.
Installing ipsec manual keys/policies.
line 1: unsupported algorithm at [0x...some-pseudo-random-key...]
parse failed, line 1.

https://netbsd.gw.com/cgi-bin/man-cgi?setkey
https://netbsd.gw.com/cgi-bin/man-cgi?setkey++NetBSD-current

Good old KAME is much appreciated, thank you.

--
Pierre-Philipp