[strongSwan] charon support for DES_MAC?
Andreas Steffen
andreas.steffen at strongswan.org
Wed Oct 19 21:32:11 CEST 2011
Hello François,
as you can see from our IKEv2 algorithm overview, strongSwan does
not support the DES_MAC integrity algorithm:
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
Why would you want to use such a weak algorithm anyway?
Regards
Andreas
On 10/19/2011 06:02 PM, François Ouellet wrote:
> Hello,
>
> I'm trying to setup a tunnel between a Digi WR44 and Strongswan 4.5.2
> (from Debian squeeze-backports).
>
> Here are the relevant (I think) logs from charon:
>
> charon: 15[CFG] received proposals:
> IKE:AES_CBC_128/DES_MAC/PRF_HMAC_SHA1/MODP_1536
> charon: 15[CFG] configured proposals:
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/AES_XCBC_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
> charon: 15[IKE] received proposals inacceptable
>
> The DES_MAC part doesn't seem configurable on the WR44.
>
> I tried to add
>
> ike=aes128-des-sha1-modp1536
>
> in /etc/ipsec.conf but charon's proposal becomes
>
> AES_CBC_128/DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
>
> Is there any way to have charon accept WR44's proposal?
>
>
> Thank you
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list