[strongSwan] Site-to-Site StrongSwan with a Cisco device

Andreas Steffen andreas.steffen at strongswan.org
Sun Feb 26 14:22:09 CET 2012


Hello Mo,

strongSwan is aware of the HMAC_MD5_128 algorithm

http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/crypto/signers/signer.h;h=e2c224d8bee787f045b1eac2de2042e23d3ee3b8;hb=HEAD#l47

but the current Linux kernel does not support an untruncated 128 bit
MD5 ESP HMAC, so there is not much sense in creating an esp= keyword
for it.

Regards

Andreas

On 02/26/2012 01:14 PM, Mohammady Mahdy wrote:
> Hi All,
>
> I am still new to StrongSwan, I am trying to connect to a Cisco device,
> testing on my local servers is working but I faced a problem when I
> attempted connecting to my external target. Mainly they require the
> following for authentication “ESP/MD5/HMAC-128”, In the wiki I can only
> see supported key size is 96 bits. Is there any way to do the connection
> via StrongSwan using the given authentication algorithm and key size?
>
> Thanks & Best Regards,
>
> Mo

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list