[strongSwan-dev] Please advise which is the best option and a way forward

Noel Kuntze noel.kuntze+strongswan-dev-ml at thermi.consulting
Fri Oct 7 23:14:00 CEST 2022

Hi Hilly,

Some things.

GMAC is a MAC, not a cipher. AES-256 in the description means AES-CBC-256. The keyword for that is just "aes256".
Whether SHA256-128 or SHA256-96 depends on the other peer. The -96 version is the non-standardized one. Ask the staff operating the other peer for details on what they use.
You're more constrained by what the kernel you're using can do because it's processing the traffic (using the negotiated esp proposal).

The proposal your client asked for is ...

You can of course ask them to use AES-GCM and AES-XCBC.

Kind regards

On 07.10.22 10:04, Hilly B wrote:
> Hi Developers,
> We are running on CentOS 7 and we have strongswan-5.7.2-1.el7.x86_64 already installed, which is the latest version.
> Our client will allow us to connect to them using:
> Phase 1:
> Authentication Method !! Pre-Shared Secret, to be exchanged over the phone (SMS) only
> Encryption Schema IKEv2
> Diffie-Hellman Group- IKE DH Group-19
> Encryption Algorithm AES-256
> Hashing Algorithm SHA-256
> PRF SHA-256
> Renegotiate IKE SA every 86400 seconds
> Phase 2:
> IPSec IPSec
> Encryption Algorithm IPSec AES-256
> Hashing Algorithm IPSec SHA-256
> Renegotiate IPSec SA every 28800 seconds
> Mode Main Mode
> I've been through the documentation from https://wiki.strongswan.org/projects/1/wiki/IKEv2CipherSuites and since we don't have strongSwan 5.8.x we are limited in what we can use;
> _Option 1:_  We have asked the client if we can use these alternate protocols that are supported with Strongswan 5.7.
> For Phase 1:
> Instead of DH Group-19   use DH Group 18
> Instead of AES-256 use aes256gmac
> Instead of SHA-256 use sha256_96
> For PRF instead of SHA-256 use AES XCBC
> For Phase 2: IPsec
> Instead of AES-256 use aes256gmac
> Instead of SHA-256 use sha256_96
> Question 1:
> However it's not clear in the documentation https://wiki.strongswan.org/projects/1/wiki/IKEv2CipherSuites. For IPsec and strongSwan 5.7 can you use aes256gmac instead of AES-256 and sha256_96 instead of SHA-256?
> Question 2:
> If this is possible with StrongSwan 5.7 how do you implement aes256gmac
> IPSec Encryption Algorithm and sha256_96 IPSec Hashing Algorithm? Or are there alternate options supported by StrongSwan 5.7?
> _Option 2:_
> Build Strongswan 5.8.x on Centos 7
> However from this post it seems it may not work https://wiki.strongswan.org/issues/3229
> Question 3:
> Has anyone successfully built Strongswan 5.8.x or later on Centos 7 and if so would they be so kind as to share their instructions on how to do it?
> Thanks for any assistance.

Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
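As an added example (not part of the thread and not strongSwan project code), here is the client's Phase 1 and Phase 2 requirements translated into a swanctl.conf fragment using strongSwan's proposal keywords: DH group 19 is `ecp256`, AES-256 in CBC mode is `aes256`, and HMAC-SHA-256 with the standard 128-bit truncation is `sha256` (use `sha256_96` only if the peer confirms the non-standard 96-bit truncation). The peer address, identities, traffic selectors and pre-shared key are placeholders.

```conf
# Added example: swanctl.conf fragment matching the client's stated requirements.
# Placeholders: 203.0.113.10 (peer), the identities, subnets and the PSK are made up.
connections {
    client-vpn {
        version = 2                   # "Encryption Schema IKEv2"; "Main Mode" is an IKEv1 term and does not apply
        remote_addrs = 203.0.113.10   # placeholder peer address
        rekey_time = 24h              # renegotiate IKE SA every 86400 seconds
        # Phase 1: AES-CBC-256, HMAC-SHA2-256-128 integrity, PRF SHA-256, DH group 19 (ecp256)
        proposals = aes256-sha256-prfsha256-ecp256
        # If the peer agrees to AEAD with an AES-XCBC PRF instead (as suggested in the reply):
        # proposals = aes256gcm16-prfaesxcbc-ecp256
        local {
            auth = psk
            id = vpn.example.net      # placeholder local identity
        }
        remote {
            auth = psk
            id = peer.example.com     # placeholder remote identity
        }
        children {
            net-net {
                local_ts = 10.0.0.0/24        # placeholder local subnet
                remote_ts = 192.168.50.0/24   # placeholder remote subnet
                rekey_time = 8h               # renegotiate IPsec SA every 28800 seconds
                # Phase 2: AES-CBC-256 with HMAC-SHA2-256-128; sha256_96 only if the peer confirms it
                esp_proposals = aes256-sha256
                # AEAD alternative if the peer accepts it (the kernel must support it too):
                # esp_proposals = aes256gcm16
                start_action = start
            }
        }
    }
}

secrets {
    ike-client {
        id = peer.example.com
        secret = "replace-with-psk-exchanged-out-of-band"   # placeholder, never commit a real PSK
    }
}
```

After loading it with `swanctl --load-all`, `swanctl --list-sas` shows the algorithms actually negotiated, which is the quickest way to confirm the peer accepted `sha256` rather than `sha256_96`.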
