[strongSwan] AH mode support in Strongswan for Ikev1
Andreas Steffen
andreas.steffen at strongswan.org
Tue May 29 06:23:56 CEST 2012
Hi Simon,
you are lucky. AES-GMAC support for IKEv1 and IKEv2 was introduced
with strongSwan 4.4.0. But at least a 2.6.34 Linux kernel is
required.
Regards
Andreas
On 05/28/2012 10:32 PM, Simon Chan wrote:
> Hi Andreas,
>
> Is AES-GMAC a recent addition to StrongSwan? Is it supported in version
> 4.4.1?
> I searched for GMAC support earlier and found a post from you (back in
> 2009 I think) stating aes-gmac is not supported because the kernel does
> not support it and AH does not survive NAT-T.
>
> Regards,
> Simon
>
> ----- Original Message -----
> From: "Andreas Steffen" <andreas.steffen at strongswan.org>
> To: "SaRaVanAn" <saravanan.nagarajan87 at gmail.com>
> Cc: <users at lists.strongswan.org>
> Sent: Monday, May 28, 2012 7:54 AM
> Subject: Re: [strongSwan] [Strongswan] AH mode support in Strongswan for
> Ikev1
>
> Hello,
>
> AH without ESP is not supported by strongSwan IKEv1 (which goes all
> the way back to FreeS/WAN).
>
> With auth=esp which is the default you opt for ESP encryption and ESP's
> optional authentication mode.
>
> With auth=ah you get ESP encryption without ESP's optional
> authentication mode but you get AH on top of ESP instead.
>
> If you don't want to encrypt your packets please use either
> ESP NULL encryption
>
> http://www.strongswan.org/uml/testresults/ikev1/esp-alg-null
>
> or AES-GMAC
>
> http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gmac
>
> Regards
>
> Andreas
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
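
Added example, not part of the original thread and not strongSwan code: a small audit script that applies the rules described above (auth=esp as the default, auth=ah putting AH on top of ESP, and ESP NULL or AES-GMAC leaving packets unencrypted) to the conn sections of an ipsec.conf. The sample file is constructed, and the esp= keyword spellings null-sha1 and aes128gmac are assumptions.

```python
import re

# Constructed sample ipsec.conf, not taken from the thread. The esp= keyword
# spellings (null-sha1, aes128gmac) are assumptions for illustration.
SAMPLE = """\
conn default-esp
    esp=aes128-sha1
conn ah-over-esp
    auth=ah
    esp=aes128-sha1
conn esp-null
    esp=null-sha1
conn esp-gmac
    esp=aes128gmac!
"""

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and line[0] in " \t" and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # a different section, e.g. "config setup"
    return conns

def classify(conn):
    """Describe a conn's protection using the rules given in the thread."""
    auth = conn.get("auth", "esp")  # auth=esp is the default
    proposals = conn.get("esp", "").lower().rstrip("!").split(",")
    ciphers = [p.strip().split("-")[0] for p in proposals]
    # ESP NULL and AES-GMAC authenticate packets but do not encrypt them.
    encrypted = not any(c == "null" or "gmac" in c for c in ciphers)
    integrity = "AH on top of ESP" if auth == "ah" else "ESP authentication"
    return {"encrypted": encrypted, "integrity": integrity}

def audit(text):
    """Map each conn name to its classification."""
    return {name: classify(c) for name, c in parse_conns(text).items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```

The script does not resolve `conn %default` or `also=` inheritance, so a conn that inherits its esp= or auth= setting is classified as if it used the defaults.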