[strongSwan] aes256gcm12 is not working for me
Andreas Steffen
andreas.steffen at strongswan.org
Tue Jun 21 15:23:22 CEST 2016
Hi Sandeep,
since AES-GCM is an authenticated encryption algorithm
no hash algorithm is needed in the esp statement:
esp=aes256gcm12-modp1536
Regards
Andreas
On 21.06.2016 16:27, sandeep dubey wrote:
> Hi, s
>
> I am new to strongswan world and have successfully setup a tunnel
> between two AWS's VPC, But i have to make some changes in config to
> comply with security requirement which is not working even after
> multiple tries. I went through old bug for intel-eni which was fixed but
> couldn't find any way to check and confirm if i have that fix or not.
>
> Bug ref. - http://wiki.strongswan.org/issues/341
> Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2
>
> The only difference in my working config and not working config is as
> below -
>
> Working with -
> ike=aes128-sha1-modp1024
> esp=aes128-sha1-modp1024
>
> Not working with -
> ike=aes256gcm12-sha256-modp1536
> esp=aes256gcm12-sha256-modp1536
>
>
> I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic
> #129-Ubuntu SMP.
>
> Can someone help me ?
>
> --
> Regards,
> Sandeep
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160621/5f0dc165/attachment.bin>
More information about the Users
mailing list