[FS#916] GCM isn't enabled in kernel by default IPsec config

LEDE Bugs lede-bugs at lists.infradead.org
Wed Jul 19 13:46:21 PDT 2017


A new Flyspray task has been opened.  Details are below. 

User who did this - roysjosh (roysjosh) 

Attached to Project - LEDE Project
Summary - GCM isn't enabled in kernel by default IPsec config
Task Type - Bug Report
Category - Kernel
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - lede-17.01
Due in Version - Undecided
Due Date - Undecided
Details -  I'm running a Linksys EA4500 with 17.01-SNAPSHOT r3466-f6907dc.  While attempting to configure strongswan to use aes-gcm, I get:
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL] adding SAD entry with SPI cd903db2 and reqid {1}
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL]   using encryption algorithm AES_GCM_16 with key size 160
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL]   using replay window of 32 packets
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL] received netlink error: Function not implemented (38)
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL] unable to add SAD entry with SPI cd903db2
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL] adding SAD entry with SPI 6109fc7b and reqid {1}
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL]   using encryption algorithm AES_GCM_16 with key size 160
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL]   using replay window of 0 packets
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL] received netlink error: Function not implemented (38)
Wed Jul 19 16:18:30 2017 daemon.info : 14[KNL] unable to add SAD entry with SPI 6109fc7b
Wed Jul 19 16:18:30 2017 daemon.info : 14[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
Wed Jul 19 16:18:30 2017 daemon.info : 14[IKE] failed to establish CHILD_SA, keeping IKE_SA

Which leads me to https://wiki.strongswan.org/issues/2121 which then caused me to notice that PACKAGE_kmod-ipsec doesn't pull in kmod-crypto-gcm.  Please consider enabling GCM in the default kernel IPsec config.


More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=916



More information about the lede-bugs mailing list