[strongSwan] aes256gcm12 is not working for me

Kapil Adhikesavalu kapil20084 at gmail.com
Wed Jun 22 05:12:59 CEST 2016


Hi Sandeep,

Are you by any chance using intel_aesni klm (check /proc/crypto) ? If so,
aesgcm256 is not supported until kernel 4.1.

Otherwise you can check the logs to see for any errors.

Related to GCM256 - https://wiki.strongswan.org/issues/341

Thanks
Kapil
On 22-Jun-2016 7:12 AM, "sandeep dubey" <sandeep.sanash at gmail.com> wrote:

> Hi Andreas,
>
> Thanks for the reply, I tried but it didn't worked for me.
>
> my config -
>
> conn support-node
>         authby=secret
>         auto=start
>         type=tunnel
>         left=172.19.17.23
>         leftid=5.6.7.8
>         leftsubnet=172.19.0.0/16
>         leftauth=psk
>         right=1.2.3.4
>         rightsubnet=10.10.0.0/16
>         rightauth=psk
>         ike=aes256gcm12-modp1536
>         esp=aes256gcm12-modp1536
>
> On Tue, Jun 21, 2016 at 6:53 PM, Andreas Steffen <
> andreas.steffen at strongswan.org> wrote:
>
>> Hi Sandeep,
>>
>> since AES-GCM is an authenticated encryption algorithm
>> no hash algorithm is needed in the esp statement:
>>
>>   esp=aes256gcm12-modp1536
>>
>> Regards
>>
>> Andreas
>>
>>
>> On 21.06.2016 16:27, sandeep dubey wrote:
>>
>>> Hi, s
>>>
>>> I am new to strongswan world and have successfully setup a tunnel
>>> between two AWS's VPC, But i have to make some changes in config to
>>> comply with security requirement which is not working even after
>>> multiple tries. I went through old bug for intel-eni which was fixed but
>>> couldn't find any way to check and confirm if i have that fix or not.
>>>
>>> Bug ref. - http://wiki.strongswan.org/issues/341
>>> Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2
>>>
>>> The only difference in my working config and not working config is as
>>> below -
>>>
>>> Working with -
>>>          ike=aes128-sha1-modp1024
>>>          esp=aes128-sha1-modp1024
>>>
>>> Not working with -
>>>          ike=aes256gcm12-sha256-modp1536
>>>          esp=aes256gcm12-sha256-modp1536
>>>
>>>
>>> I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic
>>> #129-Ubuntu SMP.
>>>
>>> Can someone help me ?
>>>
>>> --
>>> Regards,
>>> Sandeep
>>>
>>
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Open Source VPN Solution!          www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>>
>>
>
>
> --
> Regards,
> Sandeep
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160622/5a7d7a84/attachment-0001.html>


More information about the Users mailing list