ipsec broken

Mao Mei zyyhatcufe at gmail.com
Sun Dec 27 10:49:07 EST 2020


It seems that ipsec has been broken for a long time. see
https://forum.openwrt.org/t/ipsec-has-been-broken-for-a-while/81120

log on mt7621:

12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
12[KNL] got SPI cecfbd68
12[KNL] adding SAD entry with SPI cecfbd68 and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL]   using replay window of 32 packets
12[KNL]   HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI cecfbd68 (FAILED)
12[KNL] adding SAD entry with SPI 04c603db and reqid {1}
12[KNL]   using encryption algorithm AES_CBC with key size 128
12[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
12[KNL]   using replay window of 0 packets
12[KNL]   HW offload: no
12[KNL] received netlink error: No such file or directory (2)
12[KNL] unable to add SAD entry with SPI 04c603db (FAILED)
12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
12[IKE] failed to establish CHILD_SA, keeping IKE_SA



More information about the openwrt-devel mailing list