[strongSwan] AH mode support in Strongswan for Ikev1
simon.chan3 at yahoo.ca
Mon May 28 22:32:53 CEST 2012
Is AES-GMAC a recent addition to StrongSwan? Is it supported in version 4.4.1?
I searched for GMAC support earlier and found a post from you (back in 2009 I think) stating aes-gmac is not supported because the kernel does not support it and AH does not survive NAT-T.
----- Original Message -----
From: "Andreas Steffen" <andreas.steffen at strongswan.org>
To: "SaRaVanAn" <saravanan.nagarajan87 at gmail.com>
Cc: <users at lists.strongswan.org>
Sent: Monday, May 28, 2012 7:54 AM
Subject: Re: [strongSwan] [Strongswan] AH mode support in Strongswan for Ikev1
AH withouth ESP is not supported by strongSwan IKEv1 (which goes all
the way back to FreeS/WAN).
With auth=esp which is the default you opt for ESP encryption and ESP's
optional authentication mode.
With auth=ah you get ESP encryption withouth ESP's optional
authentication mode but you get AH on top of ESP instead.
If you don't want to encrypt your packets please use either
ESP NULL encryption
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users