<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Courier New">Hello,<br>
      <br>
      I'm trying to set up an ikev2/host2host-ah connection according to
<a class="moz-txt-link-freetext" href="https://www.strongswan.org/testing/testresults/ikev2/host2host-ah/index.html">https://www.strongswan.org/testing/testresults/ikev2/host2host-ah/index.html</a>
      page.<br>
      The connection is successfully established when I'm using the
      aesxcbc integrity algorithm (as in the example).<br>
      See ipsec_listalgs__2.txt, ipsec_status__2.txt and
      ipsec_up_host-host_transport_ah_aesxcbc__2.txt files.<br>
      <br>
      But, according to our customer's requirements, I have to use
      aes128gmac integrity algorithm.<br>
      So I changed the "ah=aesxcbc" to "ah=aes128gmac" in the ipsec.conf
      file.<br>
      The connection could not be established with the new setting (see
      ipsec_up_host-host_transport_ah_aes128gmac__2.txt file).<br>
      <br>
      My test environment (both hosts):<br>
      - Debian 8.6 VM<br>
      - StongSwan 5.5.1 (built as Debian has StrongSwan 5.2.1 by
      default)<br>
      <br>
      Anybody have an idea what could be wrong?<br>
      <br>
      Best regards,<br>
      Gyula Kovacs<br>
      <br>
    </font>
  </body>
</html>