[strongSwan] many cipher/hash modes seems to be unavailable

Andreas Steffen andreas.steffen at strongswan.org
Sun Oct 3 12:26:13 CEST 2010


Hi Chris,

IKEv2 support for the AEAD modes CCM and GCM will be introduced
with the forthcoming strongSwan release 4.5.0. Thus Debian sid
certainly does not support them. If you want to test IKEv2 AEAD,
please download the latest developers release

   http://download.strongswan.org/strongswan-4.5.0dr3.tar.bz2

Regards

Andreas

On 10/03/2010 02:21 AM, Christoph Anton Mitterer wrote:
> Hi.
>
> I'm using the Debian sid version of strongswan (without the ikev1
> package).
> I wanted to use
> ike = aes256gcm128-sha512-modp2048
> esp = aes256gcm128-sha512-modp2048
>
> but if I set this on both hosts (host-to-host scenario with tunnel mode)
> no tunnel seems to be set up.
> Instead I get something like:
> 10/02/10 05:10:13 12[NET] sending packet: from 84.16.235.61[500] to
> 77.37.6.134[500]
> 10/02/10 05:10:13 03[NET] received packet: from 77.37.6.134[500] to
> 84.16.235.61[500]
> 10/02/10 05:10:13 03[ENC] parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
> 10/02/10 05:10:13 03[IKE] received NO_PROPOSAL_CHOSEN notify error
> 10/02/10 05:10:41 00[DMN] signal of type SIGINT received. Shutting down
>
> ipsec listall also shows me just these:
> List of registered IKEv2 Algorithms:
>
>    encryption: AES_CBC 3DES_CBC DES_CBC DES_ECB CAMELLIA_CBC RC5_CBC
> IDEA_CBC CAST_CBC BLOWFISH_CBC NULL
>    integrity:  AES_XCBC_96 HMAC_SHA1_96 HMAC_SHA1_128 HMAC_SHA1_160
> HMAC_SHA2_256_128 HMAC_MD5_96 HMAC_MD5_128 HMAC_SHA2_384_192
> HMAC_SHA2_512_256
>    hasher:     HASH_SHA1 HASH_SHA224 HASH_SHA256 HASH_SHA384 HASH_SHA512
> HASH_MD5 HASH_MD2 HASH_MD4
>    prf:        PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_XCBC
> PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384
> PRF_HMAC_SHA2_512
>    dh-group:   MODP_2048 MODP_2048_224 MODP_2048_256 MODP_1536 ECP_256
> ECP_384 ECP_521 ECP_224 ECP_192 MODP_3072 MODP_4096 MODP_6144 MODP_8192
> MODP_1024 MODP_1024_160 MODP_768
>
>
> What about all the GCM and CCM modes listed here:
> http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites ?
>
> Thanks,
> Chris.

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
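
The diagnosis in this thread, as an added example that is not part of the original messages or of strongSwan: it parses the quoted "ipsec listall" excerpt (abridged, mail line wrapping kept) and reports which keywords of a proposal have no registered transform, which is the local condition behind the NO_PROPOSAL_CHOSEN notify. The keyword-to-name table, including AES_GCM_16 for aes256gcm128, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the "ipsec listall" excerpt quoted in the message,
# with the mail client's line wrapping preserved.
LISTALL = """\
List of registered IKEv2 Algorithms:

   encryption: AES_CBC 3DES_CBC DES_CBC DES_ECB CAMELLIA_CBC RC5_CBC
IDEA_CBC CAST_CBC BLOWFISH_CBC NULL
   integrity:  AES_XCBC_96 HMAC_SHA1_96 HMAC_SHA1_128 HMAC_SHA1_160
HMAC_SHA2_256_128 HMAC_MD5_96 HMAC_MD5_128 HMAC_SHA2_384_192
HMAC_SHA2_512_256
   dh-group:   MODP_2048 MODP_2048_224 MODP_2048_256 MODP_1536 ECP_256
ECP_384 ECP_521 ECP_224 ECP_192 MODP_3072 MODP_4096 MODP_6144 MODP_8192
MODP_1024 MODP_1024_160 MODP_768
"""

# Assumed keyword -> (category, registered name) mapping; hypothetical and
# limited to the keywords that appear in this thread plus aes256 for contrast.
KEYWORDS = {
    "aes256": ("encryption", "AES_CBC"),
    "aes256gcm128": ("encryption", "AES_GCM_16"),
    "sha512": ("integrity", "HMAC_SHA2_512_256"),
    "modp2048": ("dh-group", "MODP_2048"),
}

def parse_registered(text):
    """Return {category: set(names)}, joining wrapped continuation lines."""
    registered, current = {}, None
    for line in text.splitlines():
        line = re.sub(r"^\s*>\s?", "", line)   # tolerate quoted mail text
        head = re.match(r"\s*([a-z-]+):\s+(.*)", line)
        if head:
            current = head.group(1)
            registered.setdefault(current, set()).update(head.group(2).split())
        elif current and line.strip():
            registered[current].update(line.split())
    return registered

def missing_transforms(proposal, registered):
    """List proposal keywords that are unmapped or not registered locally."""
    missing = []
    for keyword in proposal.split("-"):
        category, name = KEYWORDS.get(keyword, (None, None))
        if name not in registered.get(category, set()):
            missing.append(keyword)
    return missing

if __name__ == "__main__":
    algs = parse_registered(LISTALL)
    for p in ("aes256gcm128-sha512-modp2048", "aes256-sha512-modp2048"):
        print(p, "->", missing_transforms(p, algs) or "all registered")
```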



