[strongSwan] Regarding Key Generation in strongswan 4.2.8

Bhatt, Rakshesh 1. (NSN - IN/Bangalore) rakshesh.1.bhatt at nsn.com
Sun Sep 7 20:34:48 CEST 2014

Hi Andreas,

Thanks for the quick response! My system has QNX. Maybe I'll check the QNX manuals to find this out. Would you know if the QNX entropy pool includes the clock-source? When I change the clock-source, the IPSEC tunnel goes for a toss because it seems that the keys are no longer aligned between client and server!


-----Original Message-----
From: ext Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: Sunday, September 07, 2014 10:44 PM
To: Bhatt, Rakshesh 1. (NSN - IN/Bangalore); users at lists.strongswan.org
Subject: Re: [strongSwan] Regarding Key Generation in strongswan 4.2.8

Hi Rakshesh,

by default strongSwan is using its random plugin to get random
material from the Linux /dev/urandom device. Depending on the system
setup, multiple random sources are feeding into the Linux entropy pool.
You have to check on your system which entropy sources are available.

Best regards


On 09/07/2014 04:38 PM, Bhatt, Rakshesh 1. (NSN - IN/Bangalore) wrote:
> Hi,
> We are using strongswan version 4.2.8. My question is : Is system time /
> clock-source one of the inputs for the algorithm that generates Child SA
> and IKE keys?
> Regards,
> Rakshesh

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
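
What checking the available entropy sources can look like on a Linux host, as an added example that is not part of the original thread or of strongSwan. It reads the kernel's standard procfs/sysfs entries, so it does not apply to QNX; the `root` argument is a hypothetical parameter for pointing the function at a copied filesystem tree.

```shell
#!/bin/sh
# Added example: report Linux kernel RNG state and hardware RNG sources.

read_first_line() {
    # Print the first line of file $1, "none" if it is empty,
    # or "unavailable" if it does not exist or cannot be read.
    if [ -r "$1" ]; then
        line=
        IFS= read -r line < "$1" || true
        printf '%s\n' "${line:-none}"
    else
        printf 'unavailable\n'
    fi
}

entropy_sources() {
    # $1 (assumption, optional): alternate root prefix, empty for the live system.
    root="${1:-}"
    rnd="$root/proc/sys/kernel/random"
    hw="$root/sys/class/misc/hw_random"

    # Kernel entropy pool estimate and pool size, in bits.
    printf 'entropy_avail=%s\n' "$(read_first_line "$rnd/entropy_avail")"
    printf 'poolsize=%s\n' "$(read_first_line "$rnd/poolsize")"

    # Hardware RNG drivers known to the kernel, and the one currently selected.
    printf 'hwrng_available=%s\n' "$(read_first_line "$hw/rng_available")"
    printf 'hwrng_current=%s\n' "$(read_first_line "$hw/rng_current")"
}

# Report for the running system.
entropy_sources
```
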
