[strongSwan] AH mode support in Strongswan for Ikev1

Andreas Steffen andreas.steffen at strongswan.org
Tue May 29 06:23:56 CEST 2012


Hi Simon,

you are lucky. AES-GMAC support for IKEv1 and IKEv2 was introduced
with strongSwan 4.4.0. But at least a 2.6.34 Linux kernel is
required.

Regards

Andreas

On 05/28/2012 10:32 PM, Simon Chan wrote:
> Hi Andreas,
>  
> Is AES-GMAC a recent addition to StrongSwan? Is it supported in version
> 4.4.1?
> I searched for GMAC support earlier and found a post from you (back in
> 2009 I think) stating aes-gmac is not supported because the kernel does
> not support it and AH does not survive NAT-T.
>  
> Regards,
> Simon
>  
> ----- Original Message -----
> From: "Andreas Steffen" <andreas.steffen at strongswan.org>
> To: "SaRaVanAn" <saravanan.nagarajan87 at gmail.com>
> Cc: <users at lists.strongswan.org>
> Sent: Monday, May 28, 2012 7:54 AM
> Subject: Re: [strongSwan] [Strongswan] AH mode support in Strongswan for
> Ikev1
> 
> Hello,
> 
> AH without ESP is not supported by strongSwan IKEv1 (which goes all
> the way back to FreeS/WAN).
> 
> With auth=esp which is the default you opt for ESP encryption and ESP's
> optional authentication mode.
> 
> With auth=ah you get ESP encryption without ESP's optional
> authentication mode but you get AH on top of ESP instead.
> 
> If you don't want to encrypt your packets please use either
> ESP NULL encryption
> 
>   http://www.strongswan.org/uml/testresults/ikev1/esp-alg-null
> 
> or AES-GMAC
> 
>   http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gmac
> 
> Regards
> 
> Andreas


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
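
The two integrity-only alternatives to AH named in the quoted reply, written out as an ipsec.conf sketch. This is an added example, not configuration taken from the thread or from the linked test results; the connection names, addresses, subnets and the use of a pre-shared key are assumptions.

```conf
# /etc/ipsec.conf (constructed example; all names and addresses are placeholders)

conn %default
    keyexchange=ikev1
    # Assumption: pre-shared key with a matching entry in ipsec.secrets.
    authby=secret
    left=192.0.2.10
    leftsubnet=10.1.0.0/16
    right=198.51.100.20
    rightsubnet=10.2.0.0/16
    # auth=esp is the default: ESP carries the integrity check itself.
    # auth=ah would put AH on top of ESP; it does not give AH without ESP.
    auth=esp

# Option 1: ESP with NULL encryption and HMAC-SHA1 integrity.
# Payload is authenticated but sent in the clear.
conn integrity-only-null
    # The trailing "!" makes the proposal strict, so the peer cannot
    # negotiate a different ESP suite.
    esp=null-sha1!
    auto=add

# Option 2: AES-GMAC, authentication without encryption.
# Per the thread: needs strongSwan 4.4.0 or later and a Linux kernel
# of at least 2.6.34 on both gateways.
conn integrity-only-gmac
    esp=aes128gmac!
    auto=add
```

Both connections leave traffic readable on the wire, so they only fit links where confidentiality is deliberately not required.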



