Sunday, September 11, 2005

IPSec Interoperability Warning

For anyone trying to make IPSec work between Mac OS X (at least on 10.4.2) and OpenBSD (3.7), note that you need to be careful when choosing your cryptographic algorithm. Among the choices both OSes offer is AES (aka Rijndael), in the standard key sizes of 128, 192, and 256 bits. 128 bits is fine, but it seems (in my testing) that using AES-192 or AES-256 just does not work between Mac OS X and OpenBSD.

Since the 128-bit size works, it can't be a basic AES issue. Also, Blowfish works up to 448 bits, so it's not just a key size issue either.

The neat trick is to figure out which side is "wrong", if one is...


