[strongSwan] Failure of chacha algorithm use?

Andreas Steffen andreas.steffen at strongswan.org
Fri Aug 5 14:33:30 CEST 2022


Hi Michael,

swanctl shows IKE algorithms only, loaded ESP algorithms are not
reported.

On my Ubuntu 22.04 system "sudo modprobe chachapoly1305" loads CHACHA
AEAD support in the kernel and is then listed by "lsmod".

Regards Andreas


On 05.08.22 10:03, Michael Schwartzkopff wrote:
> Hi,
> 
> 
> we wanted to do the use the CHACHA (chacha20poly1305) for ESP encryption.
> 
> We have a self-compiled kernel and a self-compiled strongswan (5.9.5) on 
> our embedded device.
> 
> On our test systems (ubuntu, Alma) everything works. But the embedded 
> systems logs:
> 
> 
> [ENC] parsed CREATE_CHILD_SA response 3 [ N(USE_TRANSP) SA No KE TSi TSr ]
> [CFG] selected proposal: ESP:CHACHA20_POLY1305/CURVE_25519/NO_EXT_SEQ
> [KNL] received netlink error: No such file or directory (2)
> [KNL] unable to add SAD entry with SPI c9760420 (FAILED)
> 
> 
> # swanctl -g tells us:
> 
> (...)
> 
> aead:
> (...)
> 
>    CHACHA20_POLY1305[openssl]
> 
> 
> Do we miss a kernel module?
> 
> As far as I can see, we compiled the necessary module into the kernel, 
> which option would the algorithm be in the kernel?
> 
> 
> Mit freundlichen Grüßen,
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
======================================================================


More information about the Users mailing list