[strongSwan] failing to decrypt esp

Martin Willi martin at strongswan.org
Wed Mar 6 15:39:28 CET 2013

> Here is the state on the ubuntu machine:

> auth-trunc hmac(sha1) 0x7198930c79ce8e6d60365a9f87212e365c596f4e (160 bits) 96
> enc cbc(aes) 0xce4e5ad80e7927091973c8d1de9aa30f (128 bits)

That looks much better.

> My DUT is using a Freescale BSP Linux 2.6.38 MIPS compiled with mc68. 

Either strongSwan gets something wrong while installing the SA on your
architecture, or our kernel is somehow broken. The easiest way to check
that is probably by installing some SAs manually, such as:

> ip xfrm state add src dst proto esp spi 012345 \
> mode tunnel reqid 1 enc aes 0x01020304050607080910111213141516 \
> auth sha1 0x0102030405060708091011121314151617181920


More information about the Users mailing list