[strongSwan] aes256gcm12 is not working for me

Andreas Steffen andreas.steffen at strongswan.org
Tue Jun 21 15:23:22 CEST 2016

Hi Sandeep,

since AES-GCM is an authenticated encryption algorithm
no hash algorithm is needed in the esp statement:




On 21.06.2016 16:27, sandeep dubey wrote:
> Hi, s
> I am new to strongswan world and have successfully setup a tunnel
> between two AWS's VPC, But i have to make some changes in config to
> comply with security requirement which is not working even after
> multiple tries. I went through old bug for intel-eni which was fixed but
> couldn't find any way to check and confirm if i have that fix or not.
> Bug ref. - http://wiki.strongswan.org/issues/341
> Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2
> The only difference in my working config and not working config is as
> below -
> Working with -
>          ike=aes128-sha1-modp1024
>          esp=aes128-sha1-modp1024
> Not working with -
>          ike=aes256gcm12-sha256-modp1536
>          esp=aes256gcm12-sha256-modp1536
> I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic
> #129-Ubuntu SMP.
> Can someone help me ?
> --
> Regards,
> Sandeep

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160621/5f0dc165/attachment.bin>

More information about the Users mailing list