[strongSwan] received netlink error: No such file or directory (2) -- 96-bit truncation issue?
Martin Willi
martin at strongswan.org
Fri Jan 17 10:30:08 CET 2014
Hi Aaron,
> I'm trying to setup StrongSwan (4.5.2) on a fairly old kernel (2.6.31)
> Jan 16 18:21:32 15[KNL] adding SAD entry with SPI c02c6c28 and reqid {2}
> Jan 16 18:21:32 15[KNL] using encryption algorithm AES_CBC with key size 128
> Jan 16 18:21:32 15[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
> Jan 16 18:21:32 15[KNL] received netlink error: No such file or directory (2)
> Previous discussions on this mailing list suggested using the
> esp=aes128-sha256_96 option
I don't think this is related to truncation: Truncation usually is an
issue with HMAC-SHA256 only, as older strongSwan releases on older
kernels used 96 bit instead of the standardized 128 bit truncation. And
on older kernels you can't use SHA256 MACs, as there is no 128 bit
truncation.
> I do know that the sha and md5 algorithms exist
Most likely it's not about crypto algorithms itself, but missing modules
for IPsec transformation?
Have a look at [1] and check if your kernel has the required
modules/options.
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
More information about the Users
mailing list