ipsec broken
Mao Mei
zyyhatcufe at gmail.com
Sun Dec 27 10:49:07 EST 2020
It seems that ipsec has been broken for a long time. see
https://forum.openwrt.org/t/ipsec-has-been-broken-for-a-while/81120
log on mt7621:
12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
12[KNL] got SPI cecfbd68
12[KNL] adding SAD entry with SPI cecfbd68 and reqid {1}
12[KNL] using encryption algorithm AES_CBC with key size 128
12[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL] using replay window of 32 packets
12[KNL] HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI cecfbd68 (FAILED)
12[KNL] adding SAD entry with SPI 04c603db and reqid {1}
12[KNL] using encryption algorithm AES_CBC with key size 128
12[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL] using replay window of 0 packets
12[KNL] HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI 04c603db (FAILED)
12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
12[IKE] failed to establish CHILD_SA, keeping IKE_SA
More information about the openwrt-devel
mailing list