[strongSwan-dev] Strongswan: ESP encryption priority is different in IKEv1 and IKEv2
jegathesh malaiyappan
mjegakathir at gmail.com
Tue Jul 23 16:17:10 CEST 2013
Hi All,
Strongswan: 4.5.3
Strongswan is selecting the different ESP encryption priority for *IKEv1*and
*IKEv2. *
Wha is the reason for this?
Node A: (Initiator)
=======
conn conn1
type=tunnel
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=aes128-sha1, 3des-sha1!
Node B: (Responder)
=======
conn conn1
type=tunnel
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
esp=3des-sha1,aes128-sha1!
<snip> IKEv1 O/P
ip x s
src 10.10.10.11 dst 10.10.10.10
proto esp spi 0xc39d392e reqid 16384 mode tunnel
replay-window 0 flag nopmtudisc 20
auth hmac(sha1) 0xd64a2161bbcb15cc8214e92a7e741ee7f6a42354
enc cbc(*des3_ede*)
0x49ef278b1f67549994c7d249a116a30214d30cee8970bdd9
src 10.10.10.10 dst 10.10.10.11
proto esp spi 0xc8ea85c3 reqid 16384 mode tunnel
replay-window 0 flag nopmtudisc 20
auth hmac(sha1) 0x08c788a2d2ce7a589eff32d9247e83a6ebd51c68
enc cbc(*des3_ede*)
0xc8114a2f0b28fe1f38a452798a63c786ba3fa909d5426e95
</snip>
*IKEv1*: Strongswan is selecting the *3DES* encryption method.
*IKEv2*: Strongswan is selecting the *AES* encryption method.
Could anyone clarify me the reason different encryption method chosen for *
IKEv1* and *IKEv2*?
Thanks.
Regards,
Jegathesh.M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130723/124034e6/attachment.html>
More information about the Dev
mailing list