[strongSwan] SHA2_256_128

Tobias Brunner tobias at strongswan.org
Thu Mar 29 09:35:47 CEST 2012

Hi Eric,

> I have a situation where ESP packets appear to be getting mangled on the
> remote peer whenever I use SHA2-256-128 for Phase2 (ESP).  I can
> establish the SAs from the Strongswan to the remote peer no problem. 
> However, I get no packets returned after establishing the tunnel.

Not sure if this applies here as you didn't mention the kernel versions
you are using, but Linux kernels before 2.6.33 incorrectly used a
truncation of 96 bit for SHA-256.  With strongSwan 4.3.6 we introduced
support for the configurable truncation length of newer kernels and the
default changed to 128 bit.  For compatibility with older kernels we
also added a new keyword (sha256_96) to negotiate the incorrect
truncation (this uses algorithm identifiers from the private range in
IKEv2, so it only works between two strongSwan hosts).  In your case the
other host might be using the incorrect truncation while the strongSwan
host expects a truncation of 128 bit.  By the way, Wireshark seems to
support both truncations, so you should be able to verify this easily.


More information about the Users mailing list