[strongSwan] Issue with SHA256_96

Andreas Steffen andreas.steffen at strongswan.org
Sat Dec 15 19:27:41 CET 2012


Hi Mohit,

why would you want to negotiate SHA256_96 with a newer
kernel if the standard is SHA256_128 and can simply
be configured with

   esp=aes128-sha256-modp2048!

IKE never supported SHA256_96, so your configuration
is not valid. Thus better use

   ike=aes128-sha256-modp2048!

Regards

Andreas

On 15.12.2012 18:32, Mohit Sharma wrote:
> hi ,
> I have strongswan stack setup with the following hosts
>
> host a
> left=10.10.10.2
> right=50.50.50.2
> ike=aes128-sha256_96-modp2048!
> esp=aes128-sha256_96-modp2048!
>
>
> host b
> left=50.50.50.2
> right=10.10.10.2
> ike=aes128-sha256_96-modp2048!
> esp=aes128-sha256_96-modp2048!
>
>
> But there is a problem in phase 1 proposal selection,i have a linux
> kernel version newer than 2.6.33,but still both host cant negotiate on
> sha256_96 ,please tell me if iam configuring it correctly,seconldy if
> its correct to use sha256_96 with linux versions later than 2.6.33 plus
> how to negotiate on sha256_96 on the same kernels.
>
>
> --
> Best Regards
> Mohit
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121215/ec1d467a/attachment.bin>


More information about the Users mailing list