[strongSwan] AES-GCM-16: payload length is not multiple of a blocksize
mkb at crypt.org.ru
Thu Aug 12 18:24:03 CEST 2010
I'm sorry if this is a wrong place to ask, but I hope I'll get some
hints as I'm not a Linux guy.
So I'm using strongswan-4.4.1 on ubuntu server 10.4 with an updated
kernel: linux-image-2.6.33-02063305-generic (with fixed SHA2) on one
end and OpenBSD with isakmpd on the other.
This is a strongswan config:
Now the problem is that 90% of packets sent by Linux box in the
quick mode (after establishing an IPsec connection) have a
payload which is not multiple of a cipher blocksize (16).
OpenBSD detects this early on and drops such packets (this
happens before the actual crypto processing).
Funny enough I don't see this happening with neither AES-CBC nor
More information about the Users