[strongSwan] Site-to-Site StrongSwan with a Cisco device
Tobias Brunner
tobias at strongswan.org
Mon Feb 27 14:47:35 CET 2012
Hi Mo,
> Does that mean it cannot be done?
Recent kernel versions (>= 2.6.33, I think) actually support a variable
truncation length. I added support for HMAC_MD5_128 and HMAC_SHA1_160,
which are both defined in RFC 4595 (see [1] for the patch). They are
not part of charon's default proposal, so you have to manually configure
md5_128 and/or sha1_160 with the esp option in ipsec.conf.
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=686cfd4e
More information about the Users
mailing list