[strongSwan] How to specify AES128-XCBC as the PRF in strongswan-5.0.1?
gowrishankar
gowrishankar.m at linux.vnet.ibm.com
Thu Oct 18 09:34:16 CEST 2012
Hi Andreas,
Is there any support if strongswan can provide to explicitly mention
IKE integrity and PRF , in future ?
Below is what from earlier discussion, but not concluded.
http://thread.gmane.org/gmane.network.vpn.strongswan.user/2240
Will there be similar support to mention in ESP cipher suites as well ?
Thanks,
Gowri Shankar
On Tuesday 16 October 2012 11:21 AM, Andreas Steffen wrote:
> Hello Robert,
>
> in ipsec.conf currently the IKEv2 PRF cannot be configured
> independently of the IKEv2 integrity method.
>
> ike=aes128-aesxcbc-modp2048!
>
> configures both.
>
> Regards
>
> Andreas
>
> On 10/16/2012 07:43 AM, Robert Lee wrote:
>> Hi,
>>
>> How can I specify AES128-XCBC as the Pseudo Random Function in ipsec.conf?
>>
>> In the testing folder under
>> ~/strongswan-5.0.1/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat, I
>> see the following two lines from moon and carol:
>> moon:: ipsec statusall 2> /dev/null::rw.*IKE
>> proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
>> carol::ipsec statusall 2> /dev/null::home.*IKE
>> proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
>>
>> Looks like they are using PRF_AES128_XCBC already. But in the
>> corresponding moon's or carol's ipsec.conf, I only see
>> ike=aes128-aesxcbc-modp2048!
>> esp=aes128-aesxcbc-modp2048!
>>
>> So how can I make strongswan use AES128-XCBC as the designated PRF? Thank you!
>>
>> Robert
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
>
More information about the Users
mailing list