[strongSwan] How to specify AES128-XCBC as the PRF in strongswan-5.0.1?
Andreas Steffen
andreas.steffen at strongswan.org
Tue Oct 16 07:51:47 CEST 2012
Hello Robert,
in ipsec.conf currently the IKEv2 PRF cannot be configured
independently of the IKEv2 integrity method.
ike=aes128-aesxcbc-modp2048!
configures both.
Regards
Andreas
On 10/16/2012 07:43 AM, Robert Lee wrote:
> Hi,
>
> How can I specify AES128-XCBC as the Pseudo Random Function in ipsec.conf?
>
> In the testing folder under
> ~/strongswan-5.0.1/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat, I
> see the following two lines from moon and carol:
> moon:: ipsec statusall 2> /dev/null::rw.*IKE
> proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
> carol::ipsec statusall 2> /dev/null::home.*IKE
> proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
>
> Looks like they are using PRF_AES128_XCBC already. But in the
> corresponding moon's or carol's ipsec.conf, I only see
> ike=aes128-aesxcbc-modp2048!
> esp=aes128-aesxcbc-modp2048!
>
> So how can I make strongswan use AES128-XCBC as the designated PRF? Thank you!
>
> Robert
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list