[strongSwan] AH Transport AES CMAC PSK
andreas.steffen at strongswan.org
Sun Nov 27 15:20:41 CET 2016
the Linux kernel does not support AES_CMAC but strongSwan has IKE
support via the cmac plugin which is enabled by default.
On 27.11.2016 14:46, Gyula Kovács wrote:
> I tried to set up an ikev2/host2host-ah connectionwith pre-shared key.
> The connection failed, when choosing aescmac as integrity algorithm.
> The connection was successfully built up when choosing aesxcbc integrity
> I tried this scenario on two Debian 8.6 VMs (kernel 3.16.0-4-586 with
> CONFIG_CRYPTO_CMAC=m option set) with the latest StrongSwan (v5.5.1).
> I checked the log files, and found "algorithm AES_CMAC_96 not supported
> by kernel!" message.
> Additionally, I found that AES-CMAC-96 is not supported by StrongSwan
> From where comes this limitation?
> Does it come from StrongSwan implementation or from Linux kernel (as
> suggested by the error message)?
> Does anybody have ideas?
> Best regards,
> Gyula Kovacs
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users