[strongSwan] How to specify AES128-XCBC as the PRF in strongswan-5.0.1?
Robert Lee
rleeatgm at gmail.com
Tue Oct 16 07:43:08 CEST 2012
Hi,
How can I specify AES128-XCBC as the Pseudo Random Function in ipsec.conf?
In the testing folder under
~/strongswan-5.0.1/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat, I
see the following two lines from moon and carol:
moon:: ipsec statusall 2> /dev/null::rw.*IKE
proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
carol::ipsec statusall 2> /dev/null::home.*IKE
proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
Looks like they are using PRF_AES128_XCBC already. But in the
corresponding moon's or carol's ipsec.conf, I only see
ike=aes128-aesxcbc-modp2048!
esp=aes128-aesxcbc-modp2048!
So how can I make strongswan use AES128-XCBC as the designated PRF? Thank you!
Robert
More information about the Users
mailing list