<div dir="ltr">Hi Andreas, <div><br></div><div>Thanks for the reply, I tried but it didn't worked for me. </div><div><br></div><div>my config - </div><div><br></div><div><div>conn support-node</div><div> authby=secret</div><div> auto=start</div><div> type=tunnel</div><div> left=172.19.17.23</div><div> leftid=5.6.7.8</div><div> leftsubnet=<a href="http://172.19.0.0/16">172.19.0.0/16</a></div><div> leftauth=psk</div><div> right=1.2.3.4</div><div> rightsubnet=<a href="http://10.10.0.0/16">10.10.0.0/16</a></div><div> rightauth=psk</div><div> ike=aes256gcm12-modp1536</div><div> esp=aes256gcm12-modp1536</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 21, 2016 at 6:53 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Sandeep,<br>
<br>
since AES-GCM is an authenticated encryption algorithm<br>
no hash algorithm is needed in the esp statement:<br>
<br>
esp=aes256gcm12-modp1536<br>
<br>
Regards<br>
<br>
Andreas<div><div class="h5"><br>
<br>
On 21.06.2016 16:27, sandeep dubey wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi, s<br>
<br>
I am new to strongswan world and have successfully setup a tunnel<br>
between two AWS's VPC, But i have to make some changes in config to<br>
comply with security requirement which is not working even after<br>
multiple tries. I went through old bug for intel-eni which was fixed but<br>
couldn't find any way to check and confirm if i have that fix or not.<br>
<br>
Bug ref. - <a href="http://wiki.strongswan.org/issues/341" rel="noreferrer" target="_blank">http://wiki.strongswan.org/issues/341</a><br>
Fix ref. - <a href="https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2" rel="noreferrer" target="_blank">https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2</a><br>
<br>
The only difference in my working config and not working config is as<br>
below -<br>
<br>
Working with -<br>
ike=aes128-sha1-modp1024<br>
esp=aes128-sha1-modp1024<br>
<br>
Not working with -<br>
ike=aes256gcm12-sha256-modp1536<br>
esp=aes256gcm12-sha256-modp1536<br>
<br>
<br>
I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic<br>
#129-Ubuntu SMP.<br>
<br>
Can someone help me ?<br>
<br>
--<br>
Regards,<br>
Sandeep<br>
</blockquote>
<br></div></div>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Regards,<div>Sandeep</div></div></div>
</div>