[strongSwan] SHA2_256_128
gowrishankar
gowrishankar.m at linux.vnet.ibm.com
Thu Mar 29 03:30:40 CEST 2012
On Wednesday 28 March 2012 11:51 PM, Eric_C_Johnson at Dell.com wrote:
>
> Hi.
>
> I have a situation where ESP packets appear to be getting mangled on
> the remote peer whenever I use SHA2-256-128 for Phase2 (ESP). I can
> establish the SAs from the Strongswan to the remote peer no problem.
> However, I get no packets returned after establishing the tunnel.
> The problem I am seeing is specific to this algorithm as I can get
> SHA1 working without any issue. I can also get SHA2_256_128 to work
> for P1 negotiations as well.
>
> What I am trying to find out is if there is any additional logging
> that I can enable on the Strongswan host
>
Did you have a chance to check:
http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
Regards,
Gowri Shankar
> that could shed some light as to what is being mangled. I am
> reversing the test to initiate from the remote peer thinking the
> logging on Strongswan can help me understand what is wrong with the
> ESP packets being sent. I've confirmed via traces that the peer sends
> the ESP packet to the Strongswan host but the logging doesn't show any
> indication that it received the packet. All I see are the regular DPD
> log entries. When I decrypt the trace using wireshark the packets are
> not being interpreted correctly. They should be IPv6 packets with an
> attempt to establish an ftp session. But wireshark interprets them as
> IPv4 packets (???) with a bogus IP length.
>
> Can anybody help?
>
> Thanks in advance.
>
>