[strongSwan-dev] PSEUDO_RANDOM_FUNCTION PRF_AES128_XCBC not supported!

Andreas Steffen andreas.steffen at strongswan.org
Mon May 30 12:00:15 CEST 2016 

Hi Siddesh,

check with the ipsec statusall command if the xcbc plugin
is loaded which is required for AES-XCBC support.

Regards

Andreas

On 30.05.2016 10:51, siddesh r wrote:
> Hi
>
> I using below transform set for ikev2
> conn net-net
>          left=192.168.2.1
>          leftauth=psk
>          leftsubnet=22.1.0.0/16 <http://22.1.0.0/16>
>          leftid=192.168.2.1
>          leftfirewall=no
>          right=192.168.2.2
>          rightauth=psk
>          rightsubnet=22.2.0.0/16 <http://22.2.0.0/16>
>          rightid=192.168.2.2
>          ike=aes128-aesxcbc-modp2048!
>          auto=add
>
>
> And getting the below error, could any one let me know whether there is
> anything wrong in the configuration
>
>
> May 30 14:16:17 bgl-mitg-sim481 charon: 02[IKE] initiating IKE_SA
> net-net[2] to 192.168.2.2
> May 30 14:16:17 bgl-mitg-sim481 charon: 02[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> May 30 14:16:17 bgl-mitg-sim481 charon: 02[NET] sending packet: from
> 192.168.2.1[500] to 192.168.2.2[500]
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[NET] received packet: from
> 192.168.2.2[500] to 192.168.2.1[500]
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[ENC] parsed IKE_SA_INIT
> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] PSEUDO_RANDOM_FUNCTION
> PRF_AES128_XCBC not supported!
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] key derivation failed.
>
> Thanks in advance,
> Siddesh
>
>
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev
>

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160530/dfe47c3e/attachment.bin>

More information about the Dev mailing list