[strongSwan-dev] PSEUDO_RANDOM_FUNCTION PRF_AES128_XCBC not supported!
Andreas Steffen
andreas.steffen at strongswan.org
Mon May 30 12:00:15 CEST 2016
Hi Siddesh,
check with the ipsec statusall command if the xcbc plugin
is loaded which is required for AES-XCBC support.
Regards
Andreas
On 30.05.2016 10:51, siddesh r wrote:
> Hi
>
> I using below transform set for ikev2
> conn net-net
> left=192.168.2.1
> leftauth=psk
> leftsubnet=22.1.0.0/16 <http://22.1.0.0/16>
> leftid=192.168.2.1
> leftfirewall=no
> right=192.168.2.2
> rightauth=psk
> rightsubnet=22.2.0.0/16 <http://22.2.0.0/16>
> rightid=192.168.2.2
> ike=aes128-aesxcbc-modp2048!
> auto=add
>
>
> And getting the below error, could any one let me know whether there is
> anything wrong in the configuration
>
>
> May 30 14:16:17 bgl-mitg-sim481 charon: 02[IKE] initiating IKE_SA
> net-net[2] to 192.168.2.2
> May 30 14:16:17 bgl-mitg-sim481 charon: 02[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> May 30 14:16:17 bgl-mitg-sim481 charon: 02[NET] sending packet: from
> 192.168.2.1[500] to 192.168.2.2[500]
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[NET] received packet: from
> 192.168.2.2[500] to 192.168.2.1[500]
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[ENC] parsed IKE_SA_INIT
> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] PSEUDO_RANDOM_FUNCTION
> PRF_AES128_XCBC not supported!
> May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] key derivation failed.
>
> Thanks in advance,
> Siddesh
>
>
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160530/dfe47c3e/attachment.bin>
More information about the Dev
mailing list