Hi Chris,

the problem is not ECDSA authentication but the configuration of AES-GCM in the kernel which is not possible because the PFKEY interface does not support the configuration of ESP authenticated encryption (AEAD) algorithms. I don't know whether BSD implements AES-GCM at all and if yes, if BSD has defined a private extension of the RFC 2367 PFKEYv2 interface.
Best regards

Andreas

On 06/27/2012 11:38 PM, Chris Rogers wrote:
> Hello,
>
> I'm still fairly new to StrongSwan, but have been working with advanced
> configuration settings in an attempt to implement a specific security
> protocol. In my tests, I've discovered that it works fine on Linux, but
> I've run into problems while trying to get it to work on BSD; namely, as
> BSD doesn't have netlink, I'm getting the 'unable to allocate SBIs from
> kernel' error.
>
> Excerpt from ipsec.conf:
>
> authby=ecdsasig
> esp=aes256gcm16!
> ike=aes256-sha2_384-ecp256
>
>
> Ultimately, what I would like to know is this: Does ecdsa authentication
> /require/ Linux Netlink, and if not how might I go about dealing with
> this error in BSD? If more information is needed I can provide it tomorrow.
>
> Chris

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
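
A pre-deployment check for the situation described in this thread, as an added example that is not part of the original messages or of strongSwan: it scans ipsec.conf text for ESP proposals that name an AEAD algorithm, which per the reply above cannot be configured through the PF_KEY kernel interface. The conn names, the sample file and the function names are constructed for illustration, and the keyword patterns are an assumption about how AEAD algorithms are spelled in proposal strings.

```python
import re

# Assumed spelling of AEAD keywords in ESP proposal strings
# (e.g. aes256gcm16, aes128ccm12, aes256gmac, chacha20poly1305).
AEAD_RE = re.compile(
    r"^(aes(128|192|256)(gcm|ccm)(8|12|16|64|96|128)"
    r"|aes(128|192|256)gmac|chacha20poly1305)$"
)

def esp_proposals(conf_text):
    """Yield (conn_name, proposal) for each esp= proposal in ipsec.conf text."""
    conn = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header line
            parts = line.split()
            conn = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
            continue
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "esp" and conn is not None:
            # a trailing '!' marks the proposal list as strict; it is not an algorithm
            for proposal in value.strip().rstrip("!").split(","):
                yield conn, proposal.strip()

def aead_findings(conf_text):
    """Return (conn, proposal, aead_keyword) for every AEAD ESP algorithm found."""
    findings = []
    for conn, proposal in esp_proposals(conf_text):
        for token in proposal.split("-"):
            if AEAD_RE.match(token.lower()):
                findings.append((conn, proposal, token))
    return findings

# Constructed sample: the first conn mirrors the excerpt quoted in the thread.
SAMPLE = """\
conn bsd-peer
    authby=ecdsasig
    esp=aes256gcm16!
    ike=aes256-sha2_384-ecp256

conn legacy
    esp=aes256-sha2_256,aes128ccm12-modp2048
"""

if __name__ == "__main__":
    for conn, proposal, alg in aead_findings(SAMPLE):
        print(f"conn {conn}: esp proposal '{proposal}' uses AEAD algorithm {alg}; "
              "not configurable over a PF_KEY kernel interface")
```
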
