[strongSwan] failure with ike using sha2
Andreas Steffen
andreas.steffen at strongswan.org
Fri Mar 27 22:00:46 CET 2015
Hi Bettina,
are you sure that you loaded the sha2 plugin because the HMAC-SHA2
algorithms for the prf_plus seem to fail. ipsec statusall should list
the sha2 plugin.
Regards
Andreas
On 03/27/2015 04:05 PM, Ko, HsuenJu wrote:
> Hi ,
>
> I got error of “key derivation failed” when I configured ike using sha2.
> I don’t have problem with md5 or sha1. And I am using strongswan
> 5.1.1. Here is the corresponding log. Can someone tell me what I did
> wrong or is this a bug?
>
>
>
> Thanks!
>
> Bettina
>
>
>
>
>
> ike=aes128-sha256-modp2048!
>
>
>
> Mar 27 10:15:41 11[IKE] SKEYSEED => 32 bytes @ 0x41c89760
>
> Mar 27 10:15:41 11[IKE] 0: 40 06 D6 2C 40 06 D8 24 40 F5 00 20 41 C7
> BB 20 @.., at ..$@.. A..
>
> Mar 27 10:15:41 11[IKE] 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 ................
>
> Mar 27 10:15:41 11[IKE] key derivation failed
>
>
>
>
>
> ike=aes128-sha384-modp2048!
>
>
>
> Mar 27 10:46:03 09[IKE] SKEYSEED => 48 bytes @ 0x41c8bf70
>
> Mar 27 10:46:03 09[IKE] 0: 43 36 20 31 35 20 31 34 20 30 42 20 38 38
> 20 36 C6 15 14 0B 88 6
>
> Mar 27 10:46:03 09[IKE] 16: 46 20 43 38 20 38 45 20 35 34 20 42 44 20
> 38 42 F C8 8E 54 BD 8B
>
> Mar 27 10:46:03 09[IKE] 32: 20 31 46 20 32 38 20 36 44 20 33 41 20 20
> 2E 2E 1F 28 6D 3A ..
>
> Mar 27 10:46:03 09[IKE] key derivation failed
>
>
>
> ike=aes128-sha512-modp2048!
>
>
>
> Mar 27 10:48:17 09[IKE] SKEYSEED => 64 bytes @ 0x41c8bf70
>
> Mar 27 10:48:17 09[IKE] 0: 31 45 20 38 33 20 31 33 20 38 39 20 31 36
> 20 34 1E 83 13 89 16 4
>
> Mar 27 10:48:17 09[IKE] 16: 36 20 35 32 20 32 30 20 39 34 20 31 43 20
> 44 36 6 52 20 94 1C D6
>
> Mar 27 10:48:17 09[IKE] 32: 20 38 39 20 37 38 20 42 43 20 39 41 20 20
> 69 2E 89 78 BC 9A i.
>
> Mar 27 10:48:17 09[IKE] 48: 2E 2E 2E 2E 46 52 20 2E 2E 2E 2E 78 2E 2E
> 0A 20 ....FR ....x...
>
> Mar 27 10:48:17 09[IKE] key derivation failed
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150327/a157312e/attachment-0001.bin>
More information about the Users
mailing list