[strongSwan] aes256gcm and AES-NI

Hans-Kristian Bakke hkbakke at gmail.com
Fri Jul 13 21:10:45 CEST 2012


Hi

I recently upgraded the hardware of my VPN/Firewall running Debian
Wheezy amd64. I just moved the disk over and everything worked as
before except strongSwan.
I have used aes256gcm16! as my ESP algorithm for a long time now, but
now this fails. Or rather, it fails to establish the ESP because no
valid algorithm is found. aes128gcm16! and aes256ccm16 work
perfectly. aes256gcm8 also fails.
As the new hardware supports the AES-NI instruction set, Linux also
enables the aesni_intel module. As this is the only difference I can
see between the two setups from strongSwan's perspective, I wonder if
this is a known issue?
Is aes256gcm not supported by the aesni_intel module?

I tried the latest 3.5 rc6 kernel with Debian Wheezy's 3.2 config file
too, but no difference.

Regards

Hans-Kristian Bakke
Mob: 91 76 17 38
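
Added example, not part of the original post: one way to see which kernel crypto driver backs `rfc4106(gcm(aes))`, the Linux crypto API name for the AES-GCM ESP transform, by parsing `/proc/crypto` and ranking implementations by priority (the kernel prefers the highest). The sample table and function names are constructed for illustration; on a real host the script reads `/proc/crypto` instead.

```python
from pathlib import Path

# Constructed sample in /proc/crypto layout; values are illustrative, not from the post.
SAMPLE = """\
name         : rfc4106(gcm(aes))
driver       : rfc4106-gcm-aesni
module       : aesni_intel
priority     : 400
type         : nivaead

name         : rfc4106(gcm(aes))
driver       : rfc4106(gcm_base(ctr(aes-generic),ghash-generic))
module       : kernel
priority     : 100
type         : nivaead

name         : ccm(aes)
driver       : ccm_base(ctr(aes-generic),aes-generic)
module       : ccm
priority     : 100
type         : aead
"""

def parse_proc_crypto(text):
    """Split /proc/crypto text into one dict per blank-line-separated entry."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            cur[key.strip()] = value.strip()
    return entries

def implementations(text, name):
    """Entries registered under algorithm `name`, highest priority first."""
    hits = [e for e in parse_proc_crypto(text) if e.get("name") == name]
    return sorted(hits, key=lambda e: int(e.get("priority", 0)), reverse=True)

def preferred_driver(text, name):
    """Driver the kernel would pick for `name`, or None if none is registered."""
    impls = implementations(text, name)
    return impls[0]["driver"] if impls else None

if __name__ == "__main__":
    src = Path("/proc/crypto")
    text = src.read_text() if src.exists() else SAMPLE
    for e in implementations(text, "rfc4106(gcm(aes))"):
        print(e.get("priority"), e.get("module"), e.get("driver"))
```

Comparing this output with and without `aesni_intel` loaded shows whether the accelerated driver is the one being selected for the ESP transform.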
