[strongSwan] Netlink error Invalid Argument(22)

Thomas Egerer hakke_007 at gmx.de
Tue Sep 17 08:43:52 CEST 2013


On 09/17/2013 05:45 AM, A Lee wrote:
> Hi,
> 
> Thanks for the suggestion.
> 
> Kernel module for sha256 is already there and also loaded.
> 
> My kernel 2.6.18-128.el5
> 
> Also sha2 support is there.
> 
> output of 'grep sha2 /proc/crypto' is ----
> 
> name:         sha256
> driver:          sha256-generic
> module:       sha256
Hi,

charon requests the crypto algorithm 'hmac(sha256)' (this was
changed with 4.3.6), while your kernel algorithm list for ipsec
(xfrm) provides this algorithm under the name 'sha256'.
Bottom line is, you need to
a) update your kernel to at least 2.6.19,
b) downgrade your strongswan version to 4.3.5,
c) modify your strongswan-source and rebuild like this:

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 2f8cb6b..9a1330f 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -211,7 +211,7 @@ static kernel_algorithm_t integrity_algs[] = {
 	{AUTH_HMAC_SHA1_96,			"sha1"				},
 	{AUTH_HMAC_SHA1_160,		"hmac(sha1)"		},
 	{AUTH_HMAC_SHA2_256_96,		"sha256"			},
-	{AUTH_HMAC_SHA2_256_128,	"hmac(sha256)"		},
+	{AUTH_HMAC_SHA2_256_128,	"sha256"			},
 	{AUTH_HMAC_SHA2_384_192,	"hmac(sha384)"		},
 	{AUTH_HMAC_SHA2_512_256,	"hmac(sha512)"		},
 /*	{AUTH_DES_MAC,				"***"				}, */
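
Review bot: After this change the AUTH_HMAC_SHA2_256_128 entry carries the same kernel name, "sha256", as the AUTH_HMAC_SHA2_256_96 entry directly above it, so nothing in integrity_algs distinguishes the 96-bit truncation from the 128-bit one any more. Please confirm that the truncation length reaches the kernel by some other path on the target kernel; if it does not, the SA could be installed with a different ICV length than the one negotiated with the peer. The replacement is also unconditional, so a build carrying it would stop requesting "hmac(sha256)" from kernels that provide the algorithm under that name; a comment on the changed line marking it as a local workaround for kernels older than 2.6.19 would make that explicit.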

I would not recommend b), so if you really need to stick to your
kernel-version, try option c).

Hope that helps,

Cheers,
Thomas
