[strongSwan] SHA2_256_128

gowrishankar gowrishankar.m at linux.vnet.ibm.com
Thu Mar 29 03:30:40 CEST 2012

On Wednesday 28 March 2012 11:51 PM, Eric_C_Johnson at Dell.com wrote:
> Hi.
> I have a situation where ESP packets appear to be getting mangled on 
> the remote peer whenever I use SHA2-256-128 for Phase2 (ESP).  I can 
> establish the SAs from the Strongswan to the remote peer no problem.  
> However, I get no packets returned after establishing the tunnel.  
>  The problem I am seeing is specific to this algorithm as I can get 
> SHA1 working without any issue.  I can also get SHA2_256_128 to work 
> for P1 negotiations as well.
> What I am trying to find out is if there is any additional logging 
> that I can enable on the Strongswan host

Did you have a chance to check:


Gowri Shankar

> that could shed some light as to what is being mangled.   I am 
> reversing the test to initiate from the remote peer thinking the 
> logging on Strongswan can help me understand what is wrong with the 
> ESP packets being sent.  I've confirmed via traces that the peer sends 
> the ESP packet to the Strongswan host but the logging doesn't show any 
> indication that it received the packet.  All I see are the regular DPD 
> log entries.  When I decrypt the trace using wireshark the packets are 
> not being interpreted correctly.  They should be IPv6 packets with an 
> attempt to establish an ftp session.  But wireshark interpret them as 
> IPv4 packets (???) with a bogus IP length.
> Can anybody help?
> Thanks in advance.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120329/d0ebbb62/attachment.html>

More information about the Users mailing list