I have a working ipsec-tools configuration which uses aes-ctr encryption
with 224-bit key (192bit for key+32bit for nonce). Everything works well on
Here's what man setkey says about the key length:
aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
Now, on 3.9.3 kernel the same config results in
line 3: Not supported at
parse failed, line 3.
The same message I've seen before when moving from some old kernel to 3.2.0
- it dropped 160-bit keys and and switching to 224 bit resolved the
problem. Now, on 3.9.3 any key length I try results in the same error
message. What is the key length that will work in 3.9.3 ? Did they drop
AES-CTR and I should use different algorithm ? I'm out of ideas...
setkey version is 0.8.0 on both kernels. Ubuntu precise.
Get latest updates about Open Source Projects, Conferences and News.