[strongSwan] SHA2_256_128

Eric_C_Johnson at Dell.com Eric_C_Johnson at Dell.com
Wed Mar 28 20:21:15 CEST 2012


I have a situation where ESP packets appear to be getting mangled on the remote peer whenever I use SHA2-256-128 for Phase2 (ESP).  I can establish the SAs from the Strongswan to the remote peer no problem.  However, I get no packets returned after establishing the tunnel.   The problem I am seeing is specific to this algorithm as I can get SHA1 working without any issue.  I can also get SHA2_256_128 to work for P1 negotiations as well.

What I am trying to find out is if there is any additional logging that I can enable on the Strongswan host that could shed some light as to what is being mangled.   I am reversing the test to initiate from the remote peer thinking the logging on Strongswan can help me understand what is wrong with the ESP packets being sent.  I've confirmed via traces that the peer sends the ESP packet to the Strongswan host but the logging doesn't show any indication that it received the packet.  All I see are the regular DPD log entries.  When I decrypt the trace using wireshark the packets are not being interpreted correctly.  They should be IPv6 packets with an attempt to establish an ftp session.  But wireshark interpret them as IPv4 packets (???) with a bogus IP length.

Can anybody help?

Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120328/acc437ba/attachment.html>

More information about the Users mailing list