Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
IPsec: algorithm CHACHA20_POLY1305 not supported by kernel
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPsec: algorithm CHACHA20_POLY1305 not supported by kernel (Read 1586 times)
mfedv
Newbie
Posts: 43
Karma: 6
IPsec: algorithm CHACHA20_POLY1305 not supported by kernel
«
on:
November 25, 2020, 08:31:02 pm »
(opnsense 20.7.5)
Hi,
tried to set up IPsec parameters better suitable for my old atom netbook
which lacks aes-ni (hardware support for AES). Without AES in hardware,
the best crypto suite for Authenticated Encryption would be
ChaCha20-Poly1305.
It is not available in Openvpn GUI, but I could manually compose a
strongswan connection definition at
/usr/local/etc/ipsec.opnsense.d/xyz.conf
The GUI shows this connection at VPN / IPsec / Status Overview (nice!)
Establishing an IKE_SA (using AES) works, but setup of CHILD_SA (using
ChaCha20) fails on opnsense with this message:
algorithm CHACHA20_POLY1305 not supported by kernel!
I found a message from 2015 that HardenedBSD removed ChaCha20:
https://hardenedbsd.org/article/shawn-webb/2015-02-05/removal-chacha20-import
Anybody know of plans to add it back?
Regards
Matthias
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
IPsec: algorithm CHACHA20_POLY1305 not supported by kernel