[strongSwan] configuring gcm mode on android

Tobias Brunner tobias at strongswan.org
Thu Jan 12 10:41:27 CET 2012

Hi Bill,

> I want to use the gcm block cypher. (esp=aes128cgm16-sha256!)
> I added gcm to the Android.mk in the strongswan_CHARON_PLUGINS list and
> also added it to the Android.mk in src/libstrongswan.

The gcm plugin you activated with the above is for strongSwan internal
use with the key exchange protocol IKEv2 and not on the IPsec level with
ESP, which is what you want to enable with the esp= option.  Since ESP
is handled by the Linux kernel you have to build your own kernel with
CRYPTO_GCM enabled in the options.  So if you don't want to actually use
AES-GCM with IKEv2 itself you don't have to do anything special when
building strongSwan.

> The server was configured using --enable-gcm option and an ipsec listall
> seems to confirm that the server supports it.

Same applies here, --enable-gcm only enables GCM for IKEv2.  Depending
on the Linux distribution you use, GCM may already be enabled in the
default kernel.


More information about the Users mailing list