On Fri, Dec 23, 2005 at 12:27:55PM -0500, Will H. Backman wrote:
> According to the vpn(8) man page:
> Paragraph just before section header for Creating IPsec Flows [manual
> keying]
>
> Note that when no authentication and encryption algorithms are defined,
> ipsecctl(8) will automatically use HMAC-SHA2-256 for authentication and
> AES-128 in countermode for encryption. Therefore the authentication key
> needs to be 256 bits long; the encryption key 128 bits. For details see
> ipsec.conf(5).
>
> If I create an ipsec.conf file that does not define an authentication or
> encryption algorithm, I get warnings if my encryption key is less than
> 160 bits. Man page states that it must be at least 128.
fixed in -current now. thanks for the mail.
jmc