[strongSwan] ECDSA authentication in BSD
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jun 28 06:27:44 CEST 2012
Hi Chris,

the problem is not ECDSA authentication but the configuration of
AES-GCM in the kernel which is not possible because the PFKEY
interface does not support the configuration of ESP authenticated
encryption (AEAD) algorithms. I don't know whether BSD implements
AES-GCM at all and if yes, if BSD has defined a private extension of
the RFC 2367 PFKEYv2 interface.

Best regards

Andreas

On 06/27/2012 11:38 PM, Chris Rogers wrote:
> Hello,
>
> I'm still fairly new to StrongSwan, but have been working with advanced
> configuration settings in an attempt to implement a specific security
> protocol. In my tests, I've discovered that it works fine on Linux, but
> I've run into problems while trying to get it to work on BSD; namely, as
> BSD doesn't have netlink, I'm getting the 'unable to allocate SBIs from
> kernel' error.
>
> Excerpt from ipsec.conf:
>
> authby=ecdsasig
> esp=aes256gcm16!
> ike=aes256-sha2_384-ecp256
>
>
> Ultimately, what I would like to know is this: Does ecdsa authentication
> /require/ Linux Netlink, and if not how might I go about dealing with
> this error in BSD? If more information is needed I can provide it tomorrow.
>
> Chris
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==