[strongSwan] Issue with AES-GCM algo on strongswan

sunny kumar sunnykumar.18jun at gmail.com
Fri Jul 10 10:04:44 CEST 2015


Hi,

Thanks, it worked when i built the gcm plugins and then loaded it.

Regards,
Sunny

On 7 July 2015 at 13:13, Zhuyj <mounter625 at 163.com> wrote:

> do you check server and client?
>
>
> 发自我的 iPhone
>
> 在 2015年7月7日,15:11,Sunny Kumar <Sunny2.Kumar at aricent.com> 写道:
>
>  Hi ,
>
>
>
> Thanks for the help, I have added “aes128gcm128” in strongswan.conf but
> still getting the same issue.
>
>
>
> load = aes128gcm128 aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509
> curl revocation hmac stroke kernel-netlink socket-default fips-prf
> eap-identity eap-aka eap-aka-3gpp2 updown
>
>
>
>
>
> I checked the list of registered IKE algorithms and I cant see AES-GCM in
> the list.
>
>
>
> List of registered IKE algorithms:
>
>
>
>   encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des]
>
>   integrity:  HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac]
> HMAC_MD5_96[hmac] HMAC_MD5_128[hmac]
>
>                       HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac]
> HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac]
>
>                       HMAC_SHA2_512_256[hmac] HMAC_SHA2_512_512[hmac]
>
>   aead:
>
>   hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2]
> HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
>
>   prf:             PRF_KEYED_SHA1[sha1] PRF_HMAC_SHA1[hmac]
> PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_256[hmac]
>
>                       PRF_HMAC_SHA2_384[hmac] PRF_HMAC_SHA2_512[hmac]
> PRF_FIPS_SHA1_160[fips-prf]
>
>   dh-group:   MODP_2048[gmp] MODP_2048_224[gmp] MODP_2048_256[gmp]
> MODP_1536[gmp] MODP_3072[gmp] MODP_4096[gmp]
>
>               MODP_6144[gmp] MODP_8192[gmp] MODP_1024[gmp]
> MODP_1024_160[gmp] MODP_768[gmp] MODP_CUSTOM[gmp]
>
>   random-gen: RNG_STRONG[random] RNG_TRUE[random]
>
>   nonce-gen:  [nonce]
>
>
>
>
>
> Please let me know if I am missing something.
>
>
>
> Regards,
>
> Sunny
>
>
>
> *From:* users-bounces at lists.strongswan.org [
> mailto:users-bounces at lists.strongswan.org
> <users-bounces at lists.strongswan.org>] *On Behalf Of *Zhuyj
> *Sent:* Tuesday, July 07, 2015 11:11 AM
> *To:* sunny kumar
> *Cc:* users at lists.strongswan.org
> *Subject:* Re: [strongSwan] Issue with AES-GCM algo on strongswan
>
>
>
> Load all modules in strong swan.cnf
>
> 发自我的 iPhone
>
>
> 在 2015年7月7日,13:33,sunny kumar <sunnykumar.18jun at gmail.com> 写道:
>
>  Hi,
>
>
>
> I am using strongswan client for EAP-AKA scenario.
>
>
>
> In ipsec.conf I have added following parameter for IKE SA negotiation :
>
>
>
> *ike=aes128gcm128-sha1-modp2048,3des-sha1-modp2048!*
>
>
>
> When client (strongswan) recieves IKE_SA_INIT response it gives an error
> --
>
> *ENCRYPTION_ALGORITHM AES_GCM_16 (key size 128) not supported.*
>
>
>
>
>
> Can anyone advice on above.
>
>
>
> Thanks and regards,
>
> Sunny
>
>  _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
>  "DISCLAIMER: This message is proprietary to Aricent and is intended
> solely for the use of the individual to whom it is addressed. It may
> contain privileged or confidential information and should not be circulated
> or used for any purpose other than for what it is intended. If you have
> received this message in error, please notify the originator immediately.
> If you are not the intended recipient, you are notified that you are
> strictly prohibited from using, copying, altering, or disclosing the
> contents of this message. Aricent accepts no responsibility for loss or
> damage arising from the use of the information transmitted by this email
> including damage from virus."
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150710/d67d200c/attachment.html>


More information about the Users mailing list