[strongSwan] aes256gcm12 is not working for me

sandeep dubey sandeep.sanash at gmail.com
Wed Jun 22 05:24:45 CEST 2016


Thanks Kapil for the quick reply.

I grepped for 'intel_aesni' in /proc/crypto and found the below -

module       : aesni_intel
driver       : crc32c-intel

It seems that our EC2 instance is on that kernel.

On Wed, Jun 22, 2016 at 8:42 AM, Kapil Adhikesavalu <kapil20084 at gmail.com>
wrote:

> Hi Sandeep,
>
> Are you by any chance using intel_aesni klm (check /proc/crypto)? If so,
> aesgcm256 is not supported until kernel 4.1.
>
> Otherwise you can check the logs for any errors.
>
> Related to GCM256 - https://wiki.strongswan.org/issues/341
>
> Thanks
> Kapil
> On 22-Jun-2016 7:12 AM, "sandeep dubey" <sandeep.sanash at gmail.com> wrote:
>
>> Hi Andreas,
>>
>> Thanks for the reply, I tried but it didn't work for me.
>>
>> my config -
>>
>> conn support-node
>>         authby=secret
>>         auto=start
>>         type=tunnel
>>         left=172.19.17.23
>>         leftid=5.6.7.8
>>         leftsubnet=172.19.0.0/16
>>         leftauth=psk
>>         right=1.2.3.4
>>         rightsubnet=10.10.0.0/16
>>         rightauth=psk
>>         ike=aes256gcm12-modp1536
>>         esp=aes256gcm12-modp1536
>>
>> On Tue, Jun 21, 2016 at 6:53 PM, Andreas Steffen <
>> andreas.steffen at strongswan.org> wrote:
>>
>>> Hi Sandeep,
>>>
>>> since AES-GCM is an authenticated encryption algorithm
>>> no hash algorithm is needed in the esp statement:
>>>
>>>   esp=aes256gcm12-modp1536
>>>
>>> Regards
>>>
>>> Andreas
>>>
>>>
>>> On 21.06.2016 16:27, sandeep dubey wrote:
>>>
>>>> Hi,
>>>>
>>>> I am new to the strongSwan world and have successfully set up a tunnel
>>>> between two AWS VPCs, but I have to make some changes in the config to
>>>> comply with a security requirement, which is not working even after
>>>> multiple tries. I went through an old bug for intel-eni which was fixed but
>>>> couldn't find any way to check and confirm whether I have that fix or not.
>>>>
>>>> Bug ref. - http://wiki.strongswan.org/issues/341
>>>> Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2
>>>>
>>>> The only difference between my working config and my non-working config
>>>> is as below -
>>>>
>>>> Working with -
>>>>          ike=aes128-sha1-modp1024
>>>>          esp=aes128-sha1-modp1024
>>>>
>>>> Not working with -
>>>>          ike=aes256gcm12-sha256-modp1536
>>>>          esp=aes256gcm12-sha256-modp1536
>>>>
>>>>
>>>> I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic
>>>> #129-Ubuntu SMP.
>>>>
>>>> Can someone help me?
>>>>
>>>> --
>>>> Regards,
>>>> Sandeep
>>>>
>>>
>>> ======================================================================
>>> Andreas Steffen                         andreas.steffen at strongswan.org
>>> strongSwan - the Open Source VPN Solution!          www.strongswan.org
>>> Institute for Internet Technologies and Applications
>>> University of Applied Sciences Rapperswil
>>> CH-8640 Rapperswil (Switzerland)
>>> ===========================================================[ITA-HSR]==
>>>
>>>
>>
>>
>> --
>> Regards,
>> Sandeep
>>
>


-- 
Regards,
Sandeep
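
The two checks raised in this thread, as an added example that is not part of the original messages or of strongSwan: it parses /proc/crypto to see which module provides AES-GCM, compares the kernel release against the 4.1 threshold given in Kapil's reply, and flags an AEAD ESP proposal that also names a hash, as Andreas pointed out. The function names and the sample /proc/crypto text are constructed for illustration.

```python
import re

# Constructed sample in /proc/crypto layout (not taken from the poster's host).
SAMPLE_PROC_CRYPTO = """\
name         : rfc4106(gcm(aes))
driver       : rfc4106-gcm-aesni
module       : aesni_intel
priority     : 400
type         : aead

name         : crc32c
driver       : crc32c-intel
module       : crc32c_intel
priority     : 200
type         : shash
"""

def parse_proc_crypto(text):
    """Split /proc/crypto into one dict per blank-line-separated stanza."""
    entries = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in stanza.splitlines() if ":" in line)
        fields = {key.strip(): value.strip() for key, value in pairs}
        if fields:
            entries.append(fields)
    return entries

def gcm_aes_providers(entries):
    """Registered AES-GCM implementations, highest priority first."""
    hits = [e for e in entries if "gcm(aes)" in e.get("name", "")]
    return sorted(hits, key=lambda e: int(e.get("priority", 0)), reverse=True)

def aesni_gcm256_affected(entries, kernel_release):
    """True if aesni_intel provides GCM and the kernel is older than 4.1 (per the reply above)."""
    major, minor = (int(n) for n in re.match(r"(\d+)\.(\d+)", kernel_release).groups())
    uses_aesni = any(e.get("module") == "aesni_intel" for e in gcm_aes_providers(entries))
    return uses_aesni and (major, minor) < (4, 1)

def esp_has_redundant_integrity(proposal):
    """Flag an AEAD ESP proposal that also lists a common integrity keyword."""
    tokens = proposal.lower().split("-")
    aead = any(re.fullmatch(r"aes(128|192|256)?(gcm|ccm)\d+", t) for t in tokens)
    integ = any(re.fullmatch(r"md5|sha1|sha256|sha384|sha512|aesxcbc", t) for t in tokens)
    return aead and integ

# On a live gateway: parse_proc_crypto(open("/proc/crypto").read()) together
# with platform.release() replaces the constructed sample.
```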