Modular ALGO support version 0.7.2
Tested with 2.4.16, freeswan-1.95

CHANGES:
========
* v0.7.2: ESP auth, ipsec auto --status
* v0.6.3: REQUIRE esp= to negotiate algorithm

HOWTO-ipsec_ext.txt
====================
--Juanjo 07/02/02
  Linux IP Aliasing creator, IPMASQ 2.2 Maintainer

1) Patch the freeswan sources with

   a) the BASE patch (*REQUIRED*)

      freeswan-ext-v0.7.2-1.95-BASE.diff.gz

   b) the wanted algorithms (ciphers and HMACs listed below; you can patch
      them in any order)

      freeswan-ext-v0.7.2-1.95-ext_3des.diff.gz      ESP_3DES            =3
      freeswan-ext-v0.7.2-1.95-ext_aes-opt.diff.gz   ESP_AES             =12
      freeswan-ext-v0.7.2-1.95-ext_aes.diff.gz       ESP_AES             =12
      freeswan-ext-v0.7.2-1.95-ext_blowfish.diff.gz  ESP_BLOWFISH        =7
      freeswan-ext-v0.7.2-1.95-ext_cast.diff.gz      ESP_CAST            =6
      freeswan-ext-v0.7.2-1.95-ext_null.diff.gz      ESP_NULL            =11
      freeswan-ext-v0.7.2-1.95-ext_serpent.diff.gz   ESP_SERPENT         =252
      freeswan-ext-v0.7.2-1.95-ext_twofish.diff.gz   ESP_TWOFISH         =252
      freeswan-ext-v0.7.2-1.95-ext_md5.diff.gz       HMAC_MD5            =1
      freeswan-ext-v0.7.2-1.95-ext_sha1.diff.gz      HMAC_SHA1           =2
      freeswan-ext-v0.7.2-1.95-ext_sha2.diff.gz      HMAC_SHA2_{256,512} =5,7
      freeswan-ext-v0.7.2-1.95-ext_ripemd.diff.gz    HMAC_RIPEMD         =8

   Eg: you want the AES and TWOFISH ciphers:

      cd /path/to/src/freeswan-1.95
      zcat freeswan-ext-v0.7.2-1.95-BASE.diff.gz        | patch -p1 -s
      zcat freeswan-ext-v0.7.2-1.95-ext_aes.diff.gz     | patch -p1 -s
      zcat freeswan-ext-v0.7.2-1.95-ext_twofish.diff.gz | patch -p1 -s

2) Proceed as always with the freeswan configuration/compilation; you must
   recompile KLIPS (kernel) _and_ pluto.

   For the kernel config, these new kernel config items will appear:

      >> IPSEC Modular Extensions (CONFIG_IPSEC_EXT) [Y/n/?] y
      >> AES encryption algorithm (CONFIG_IPSEC_EXT_AES) [M/n/y/?] m
      >> TWOFISH encryption algorithm (CONFIG_IPSEC_EXT_TWOFISH) [M/n/y/?] m

   Compile, install, etc. Don't forget to compile & INSTALL the PATCHED PLUTO.
3) Reload ipsec/pluto and insert the algo module:

      + modprobe ipsec_aes

   Confirm the algo is present with:

      + ipsec auto --status | egrep ESP
      000 algorithm ESP encrypt: id=3, name=ESP_3DES
      000 algorithm ESP encrypt: id=12, name=ESP_AES
      000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
      000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1

3) Edit the connection parameters

   Add to the connection in your dotconf:

      esp=aes,3des

   and reload that configuration:

      + ipsec auto --replace

4) Bring up a connection against a peer with AES support (eg. a ditto-patched peer):

      + ipsec auto --up

   Confirm:

      + ipsec spi | grep AES

4) Additional testing

   All modules accept a test argument, eg:

      + modprobe ipsec_aes test=1    # ask module to probe itself
      + dmesg | tail -10             # show timing results

   Recommended comparison: ipsec_3des vs ipsec_aes

8)
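The following is an added helper script, not part of the freeswan-ext patches: before reloading a connection with ipsec auto --replace it checks that every cipher named in the esp= line is actually reported by pluto, so a typo or a forgotten modprobe is caught before negotiation fails. It assumes the "000 algorithm ESP encrypt: ..." status line format shown above and, instead of a live pluto, uses a constructed sample of that output.

```sh
#!/bin/sh
# Added helper (not from the freeswan-ext distribution). Assumes the
# "000 algorithm ESP encrypt: id=N, name=ESP_X" lines printed by the patched
# "ipsec auto --status", and that the module for cipher X is ipsec_x.

# Constructed sample of `ipsec auto --status | egrep ESP` (not captured live);
# on a real host replace it with: STATUS=$(ipsec auto --status | egrep ESP)
SAMPLE_STATUS='000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP encrypt: id=12, name=ESP_AES
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1'

# esp_ciphers 'esp=aes,3des' -> prints the cipher names, one per line
esp_ciphers() {
    printf '%s\n' "${1#esp=}" | tr ',' '\n'
}

# cipher_loaded STATUS CIPHER -> 0 if pluto lists ESP_<CIPHER> as an encrypt algorithm
cipher_loaded() {
    name=$(printf 'ESP_%s' "$2" | tr 'a-z' 'A-Z')
    printf '%s\n' "$1" |
        grep -q "^000 algorithm ESP encrypt: id=[0-9]*, name=${name}\$"
}

# esp_line_supported STATUS 'esp=aes,3des' -> 0 if every listed cipher is loaded;
# otherwise names each missing cipher and the module to insert, and returns 1
esp_line_supported() {
    rc=0
    for c in $(esp_ciphers "$2"); do
        if ! cipher_loaded "$1" "$c"; then
            echo "missing $c: not in pluto status, try 'modprobe ipsec_$c'" >&2
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run against the constructed sample
esp_line_supported "$SAMPLE_STATUS" 'esp=aes,3des' &&
    echo "esp=aes,3des: all ciphers loaded, safe to ipsec auto --replace"
```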