[strongSwan] aes256gcm12 is not working for me

sandeep dubey sandeep.sanash at gmail.com
Wed Jun 22 03:42:34 CEST 2016 

Hi Andreas,

Thanks for the reply, I tried but it didn't worked for me.

my config -

conn support-node
        authby=secret
        auto=start
        type=tunnel
        left=172.19.17.23
        leftid=5.6.7.8
        leftsubnet=172.19.0.0/16
        leftauth=psk
        right=1.2.3.4
        rightsubnet=10.10.0.0/16
        rightauth=psk
        ike=aes256gcm12-modp1536
        esp=aes256gcm12-modp1536

On Tue, Jun 21, 2016 at 6:53 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Sandeep,
>
> since AES-GCM is an authenticated encryption algorithm
> no hash algorithm is needed in the esp statement:
>
>   esp=aes256gcm12-modp1536
>
> Regards
>
> Andreas
>
>
> On 21.06.2016 16:27, sandeep dubey wrote:
>
>> Hi, s
>>
>> I am new to strongswan world and have successfully setup a tunnel
>> between two AWS's VPC, But i have to make some changes in config to
>> comply with security requirement which is not working even after
>> multiple tries. I went through old bug for intel-eni which was fixed but
>> couldn't find any way to check and confirm if i have that fix or not.
>>
>> Bug ref. - http://wiki.strongswan.org/issues/341
>> Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2
>>
>> The only difference in my working config and not working config is as
>> below -
>>
>> Working with -
>>          ike=aes128-sha1-modp1024
>>          esp=aes128-sha1-modp1024
>>
>> Not working with -
>>          ike=aes256gcm12-sha256-modp1536
>>          esp=aes256gcm12-sha256-modp1536
>>
>>
>> I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic
>> #129-Ubuntu SMP.
>>
>> Can someone help me ?
>>
>> --
>> Regards,
>> Sandeep
>>
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>


-- 
Regards,
Sandeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160622/727a1089/attachment.html>

More information about the Users mailing list