[strongSwan] many cipher/hash modes seems to be unavailable

Christoph Anton Mitterer calestyo at scientia.net
Sun Oct 3 02:21:38 CEST 2010


Hi.

I'm using the Debian sid version of strongswan (without the ikev1
package).
I wanted to use
ike = aes256gcm128-sha512-modp2048
esp = aes256gcm128-sha512-modp2048

but if I set this on both hosts (host-to-host scenario with tunnel mode)
no tunnel seems to be set up.
Instead I get something like:
10/02/10 05:10:13 12[NET] sending packet: from 84.16.235.61[500] to 77.37.6.134[500]
10/02/10 05:10:13 03[NET] received packet: from 77.37.6.134[500] to 84.16.235.61[500]
10/02/10 05:10:13 03[ENC] parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
10/02/10 05:10:13 03[IKE] received NO_PROPOSAL_CHOSEN notify error
10/02/10 05:10:41 00[DMN] signal of type SIGINT received. Shutting down

ipsec listall also shows me just these:
List of registered IKEv2 Algorithms:

  encryption: AES_CBC 3DES_CBC DES_CBC DES_ECB CAMELLIA_CBC RC5_CBC IDEA_CBC CAST_CBC BLOWFISH_CBC NULL
  integrity:  AES_XCBC_96 HMAC_SHA1_96 HMAC_SHA1_128 HMAC_SHA1_160 HMAC_SHA2_256_128 HMAC_MD5_96 HMAC_MD5_128 HMAC_SHA2_384_192 HMAC_SHA2_512_256
  hasher:     HASH_SHA1 HASH_SHA224 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5 HASH_MD2 HASH_MD4
  prf:        PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_XCBC PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512
  dh-group:   MODP_2048 MODP_2048_224 MODP_2048_256 MODP_1536 ECP_256 ECP_384 ECP_521 ECP_224 ECP_192 MODP_3072 MODP_4096 MODP_6144 MODP_8192 MODP_1024 MODP_1024_160 MODP_768


What about all the GCM and CCM modes listed here:
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites ?

Thanks,
Chris.
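
Added example, not part of the original post and not strongSwan code: a Python check that parses the `ipsec listall` algorithm listing quoted above (including mail-wrapped continuation lines) and reports which transforms of a proposal string are not registered locally. The keyword-to-name table, such as aes256gcm128 mapping to AES_GCM_16, is an assumption and covers only the keywords used here.

```python
import re

# Constructed from the post's `ipsec listall` excerpt (hasher line dropped), wrapping kept.
LISTALL = """\
List of registered IKEv2 Algorithms:
  encryption: AES_CBC 3DES_CBC DES_CBC DES_ECB CAMELLIA_CBC RC5_CBC
IDEA_CBC CAST_CBC BLOWFISH_CBC NULL
  integrity:  AES_XCBC_96 HMAC_SHA1_96 HMAC_SHA1_128 HMAC_SHA1_160
HMAC_SHA2_256_128 HMAC_MD5_96 HMAC_MD5_128 HMAC_SHA2_384_192
HMAC_SHA2_512_256
  prf:        PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_XCBC
PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384
PRF_HMAC_SHA2_512
  dh-group:   MODP_2048 MODP_2048_224 MODP_2048_256 MODP_1536 ECP_256
ECP_384 ECP_521 ECP_224 ECP_192 MODP_3072 MODP_4096 MODP_6144 MODP_8192
MODP_1024 MODP_1024_160 MODP_768
"""

# Assumed keyword -> (category, registered name) table; only keywords used here.
KEYWORDS = {
    "aes256gcm128": [("encryption", "AES_GCM_16")],
    "aes256": [("encryption", "AES_CBC")],
    "sha512": [("integrity", "HMAC_SHA2_512_256"), ("prf", "PRF_HMAC_SHA2_512")],
    "modp2048": [("dh-group", "MODP_2048")],
}

def parse_listall(text):
    """Return {category: set(names)}, folding wrapped continuation lines."""
    registered, current = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*([a-z-]+):\s*(.*)$", line)
        if head:
            current = registered.setdefault(head.group(1), set())
            line = head.group(2)
        if current is not None:
            current.update(line.split())
    return registered

def missing_transforms(proposal, registered):
    """List (keyword, category, name) for transforms that are not registered."""
    return [(kw, cat, name)
            for kw in proposal.split("-")
            for cat, name in KEYWORDS.get(kw, [("unmapped", kw)])
            if name not in registered.get(cat, set())]

if __name__ == "__main__":
    for prop in ("aes256gcm128-sha512-modp2048", "aes256-sha512-modp2048"):
        print(prop, "->", missing_transforms(prop, parse_listall(LISTALL)) or "all registered")
```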



