[strongSwan] Trying to use pcrypt

Nicolas Fitton NF at post-quantum.com
Mon Jun 5 18:53:41 CEST 2017


Hello,
I am trying to set up parallel crypto, however I’m having issues with getting tcrypt and crconf to take the algorithms. I’ve tried following the instructions here: https://wiki.strongswan.org/projects/strongswan/wiki/Pcrypt#Expected-Result, but I’ve come up empty-handed.


```
modprobe tcrypt alg="pcrypt(authenc(hmac(sha256),cbc(aes)))" type=3
```

Gives me the following error:
```
ERROR: could not insert ’tcrypt’: Unknown symbol in module, or unknown parameter (see dmesg)
```

And

```
crconf add driver "pcrypt(authenc(hmac(sha256),cbc(aes)))" type 3
```

Gives me:
```
RTNETLINK answers: No such file or directory
```

I’ve made sure to read the forums and mailing lists and haven’t found anything similar other than http://users.strongswan.narkive.com/m8FMnxaH/aes-gcm-for-esp#post11; however, I could not solve the issue with it. My config files are as follows:

IPSec.conf:
```
# ipsec.conf - strongSwan IPsec configuration file
# This file does needs altering

# basic configuration

ca post-quantum
    cacert=ca-cert.pem
    auto=add

config setup
    charondebug="ike 4, lib 4"
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    dpdaction=clear
    dpdtimeout=15s
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    ike=aes256-sha256-modp3072
    mobike=no

conn nick-net
    left=192.168.221.58
    leftcert=remote-vpn-cert.pem
    leftid="C=GB, O=Post-Quantum, CN=remote-vpn.postquantum.net"
    right=192.168.221.43
    rightid="C=GB, O=Post-Quantum, CN=local-vpn.postquantum.net"
    auto=add
```

Strongswan.conf:
```
# strongswan.conf - strongSwan configuration file
# Refer to the strongswan.conf(5) manpage for details
# Configuration changes should be made in the included files
# This file does not need altering

charon {
    load = random nonce aes sha1 sha2 sha3 chapoly pem pkcs1 gmp x509 curl mgf1 newhope revocation hmac stroke kernel-netlink socket-default updown ha
    multiple_authentication = no
    send_vendor_id = yes

    # load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}

#include strongswan.d/*.conf
```
Any advice is greatly appreciated,
Kind regards
Nick
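
A check that applies to the commands in the message above, as an added example that is not part of the original post or of strongSwan's documentation: classify how an algorithm appears in `/proc/crypto`-format text. It relies on the kernel giving a pcrypt instance the inner algorithm's `name` and the driver name `pcrypt(<inner driver>)`; the function names and the sample records are constructed for illustration.

```shell
# Added example (not from the post): report how an algorithm appears in
# /proc/crypto-format text. On a live system, use /proc/crypto as FILE.

# crypto_state FILE ALG -> prints pcrypt | plain | absent
crypto_state() {
    awk -v want="$2" '
        BEGIN { RS = ""; FS = "\n" }      # one blank-line-separated record per algorithm
        {
            name = ""; driver = ""
            for (i = 1; i <= NF; i++) {
                pos = index($i, ":")      # lines look like "key   : value"
                if (pos == 0) continue
                key = substr($i, 1, pos - 1); val = substr($i, pos + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "name") name = val
                if (key == "driver") driver = val
            }
            # The instance is matched by algorithm name, then by its driver prefix.
            if (name == want) { seen = 1; if (index(driver, "pcrypt(") == 1) wrapped = 1 }
        }
        END { print (wrapped ? "pcrypt" : (seen ? "plain" : "absent")) }
    ' "$1"
}

# Constructed sample records (not taken from the poster's machine).
sample_proc_crypto() {
    cat <<'EOF'
name         : rfc4106(gcm(aes))
driver       : pcrypt(rfc4106-gcm-aesni)
module       : pcrypt

name         : rfc4106(gcm(aes))
driver       : rfc4106-gcm-aesni
module       : aesni_intel

name         : authenc(hmac(sha256),cbc(aes))
driver       : authenc(hmac(sha256-generic),cbc-aes-aesni)
module       : authenc
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_proc_crypto > "$tmp"
for alg in 'rfc4106(gcm(aes))' 'authenc(hmac(sha256),cbc(aes))'; do
    printf '%s: %s\n' "$alg" "$(crypto_state "$tmp" "$alg")"
done
rm -f "$tmp"
```

A result of `plain` means the inner algorithm is registered but no parallel instance exists yet, and `absent` means the inner algorithm itself is not registered, so any wrapper around it cannot be instantiated.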