[strongSwan] Site-to-Site StrongSwan with a Cisco device
Mohammady Mahdy
mohammady.mahdy at getmo.com
Mon Feb 27 15:18:57 CET 2012
Thanks :)
-----Original Message-----
From: Tobias Brunner [mailto:tobias at strongswan.org]
Sent: Monday, February 27, 2012 5:48 PM
To: Mohammady Mahdy
Cc: 'Andreas Steffen'; users at lists.strongswan.org
Subject: Re: [strongSwan] Site-to-Site StrongSwan with a Cisco device
Hi Mo,
> Does that mean it cannot be done?
Recent kernel versions (>= 2.6.33, I think) actually support a variable truncation length. I added support for HMAC_MD5_128 and HMAC_SHA1_160, which are both defined in RFC 4595 (see [1] for the patch). They are not part of charon's default proposal, so you have to manually configure
md5_128 and/or sha1_160 with the esp option in ipsec.conf.
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=686cfd4e
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2114/4835 - Release Date: 02/27/12
More information about the Users
mailing list