[strongSwan] AH Transport AES CMAC PSK
Gyula Kovács
gyula.kovacs.kkb.tech at gmail.com
Sun Nov 27 17:16:30 CET 2016
Hi Andreas,
I checked the loaded plugins and it contains cmac.
Nonetheless, setting up the connection fails:
root@atm:/etc/ipsec.d/examples# ipsec up host-host
establishing CHILD_SA host-host
generating CREATE_CHILD_SA request 0 [ N(USE_TRANSP) SA No TSi TSr ]
sending packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (192 bytes)
received packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (80 bytes)
parsed CREATE_CHILD_SA response 0 [ N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
establishing connection 'host-host' failed
root@atm:/etc/ipsec.d/examples#
The log file is the same as the one attached to my first mail. I
have no idea.
Best regards,
Gyula
-------------- next part --------------
root@atm:/etc/strongswan.d# ipsec listplugins
List of loaded Plugins:
charon:
CUSTOM:libcharon
NONCE_GEN
CUSTOM:libcharon-sa-managers
CUSTOM:libcharon-receiver
CUSTOM:kernel-ipsec
CUSTOM:kernel-net
CUSTOM:libcharon-receiver
HASHER:HASH_SHA1
RNG:RNG_STRONG
CUSTOM:socket
CUSTOM:libcharon-sa-managers
HASHER:HASH_SHA1
RNG:RNG_WEAK
aes:
CRYPTER:AES_CBC-16
CRYPTER:AES_CBC-24
CRYPTER:AES_CBC-32
des:
CRYPTER:3DES_CBC-24
CRYPTER:DES_CBC-8
CRYPTER:DES_ECB-8
rc2:
CRYPTER:RC2_CBC-0
sha2:
HASHER:HASH_SHA224
HASHER:HASH_SHA256
HASHER:HASH_SHA384
HASHER:HASH_SHA512
sha1:
HASHER:HASH_SHA1
PRF:PRF_KEYED_SHA1
md5:
HASHER:HASH_MD5
random:
RNG:RNG_STRONG
RNG:RNG_TRUE
nonce:
NONCE_GEN
RNG:RNG_WEAK
x509:
CERT_ENCODE:X509
HASHER:HASH_SHA1
CERT_DECODE:X509
HASHER:HASH_SHA1
PUBKEY:ANY
CERT_ENCODE:X509_AC
CERT_DECODE:X509_AC
CERT_ENCODE:X509_CRL
CERT_DECODE:X509_CRL
CERT_ENCODE:OCSP_REQUEST
HASHER:HASH_SHA1
RNG:RNG_WEAK
CERT_DECODE:OCSP_RESPONSE
CERT_ENCODE:PKCS10_REQUEST
CERT_DECODE:PKCS10_REQUEST
revocation:
CUSTOM:revocation
CERT_ENCODE:OCSP_REQUEST (soft)
CERT_DECODE:OCSP_RESPONSE (soft)
CERT_DECODE:X509_CRL (soft)
CERT_DECODE:X509 (soft)
FETCHER:(null) (soft)
constraints:
CUSTOM:constraints
CERT_DECODE:X509 (soft)
pubkey:
CERT_ENCODE:PUBKEY
CERT_DECODE:PUBKEY
PUBKEY:RSA (soft)
PUBKEY:ECDSA (soft)
PUBKEY:DSA (soft)
pkcs1:
PRIVKEY:ANY
PRIVKEY:RSA (soft)
PRIVKEY:ECDSA (soft)
PRIVKEY:RSA
PUBKEY:ANY
PUBKEY:RSA (soft)
PUBKEY:ECDSA (soft)
PUBKEY:DSA (soft)
PUBKEY:RSA
pkcs7:
CONTAINER_DECODE:PKCS7
CONTAINER_ENCODE:PKCS7_DATA
CONTAINER_ENCODE:PKCS7_SIGNED_DATA
CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA
pkcs8:
PRIVKEY:ANY
PRIVKEY:RSA
PRIVKEY:ECDSA
pkcs12:
CONTAINER_DECODE:PKCS12
CONTAINER_DECODE:PKCS7
CERT_DECODE:X509 (soft)
PRIVKEY:ANY (soft)
HASHER:HASH_SHA1 (soft)
CRYPTER:3DES_CBC-24 (soft)
CRYPTER:RC2_CBC-0 (soft)
pgp:
PRIVKEY:ANY
PRIVKEY:RSA
PUBKEY:ANY
PUBKEY:RSA
CERT_DECODE:PGP
dnskey:
PUBKEY:ANY
PUBKEY:RSA
sshkey:
PUBKEY:ANY
CERT_DECODE:PUBKEY
pem:
PRIVKEY:ANY
PRIVKEY:ANY
HASHER:HASH_MD5 (soft)
PRIVKEY:RSA
PRIVKEY:RSA
HASHER:HASH_MD5 (soft)
PRIVKEY:ECDSA
PRIVKEY:ECDSA
HASHER:HASH_MD5 (soft)
PRIVKEY:DSA (not loaded)
PRIVKEY:DSA
HASHER:HASH_MD5 (soft)
PRIVKEY:BLISS (not loaded)
PRIVKEY:BLISS
PUBKEY:ANY
PUBKEY:ANY
PUBKEY:RSA
PUBKEY:RSA
PUBKEY:ECDSA
PUBKEY:ECDSA
PUBKEY:DSA (not loaded)
PUBKEY:DSA
PUBKEY:BLISS
CERT_DECODE:ANY
CERT_DECODE:X509 (soft)
CERT_DECODE:PGP (soft)
CERT_DECODE:X509
CERT_DECODE:X509
CERT_DECODE:X509_CRL
CERT_DECODE:X509_CRL
CERT_DECODE:OCSP_REQUEST (not loaded)
CERT_DECODE:OCSP_REQUEST
CERT_DECODE:OCSP_RESPONSE
CERT_DECODE:OCSP_RESPONSE
CERT_DECODE:X509_AC
CERT_DECODE:X509_AC
CERT_DECODE:PKCS10_REQUEST
CERT_DECODE:PKCS10_REQUEST
CERT_DECODE:PUBKEY
CERT_DECODE:PUBKEY
CERT_DECODE:PGP
CERT_DECODE:PGP
CONTAINER_DECODE:PKCS12
CONTAINER_DECODE:PKCS12
openssl:
CUSTOM:openssl-threading
CRYPTER:AES_CBC-16
CRYPTER:AES_CBC-24
CRYPTER:AES_CBC-32
CRYPTER:CAMELLIA_CBC-16
CRYPTER:CAMELLIA_CBC-24
CRYPTER:CAMELLIA_CBC-32
CRYPTER:CAST_CBC-0
CRYPTER:BLOWFISH_CBC-0
CRYPTER:3DES_CBC-24
CRYPTER:DES_CBC-8
CRYPTER:DES_ECB-8
CRYPTER:NULL-0
HASHER:HASH_MD4
HASHER:HASH_MD5
HASHER:HASH_SHA1
HASHER:HASH_SHA224
HASHER:HASH_SHA256
HASHER:HASH_SHA384
HASHER:HASH_SHA512
PRF:PRF_KEYED_SHA1
PRF:PRF_HMAC_MD5
PRF:PRF_HMAC_SHA1
PRF:PRF_HMAC_SHA2_256
PRF:PRF_HMAC_SHA2_384
PRF:PRF_HMAC_SHA2_512
SIGNER:HMAC_MD5_96
SIGNER:HMAC_MD5_128
SIGNER:HMAC_SHA1_96
SIGNER:HMAC_SHA1_128
SIGNER:HMAC_SHA1_160
SIGNER:HMAC_SHA2_256_128
SIGNER:HMAC_SHA2_256_256
SIGNER:HMAC_SHA2_384_192
SIGNER:HMAC_SHA2_384_384
SIGNER:HMAC_SHA2_512_256
SIGNER:HMAC_SHA2_512_512
AEAD:AES_GCM_16-16
AEAD:AES_GCM_16-24
AEAD:AES_GCM_16-32
AEAD:AES_GCM_12-16
AEAD:AES_GCM_12-24
AEAD:AES_GCM_12-32
AEAD:AES_GCM_8-16
AEAD:AES_GCM_8-24
AEAD:AES_GCM_8-32
DH:ECP_256
DH:ECP_384
DH:ECP_521
DH:ECP_224
DH:ECP_192
DH:ECP_256_BP
DH:ECP_384_BP
DH:ECP_512_BP
DH:ECP_224_BP
DH:MODP_3072
DH:MODP_4096
DH:MODP_6144
DH:MODP_8192
DH:MODP_2048
DH:MODP_2048_224
DH:MODP_2048_256
DH:MODP_1536
DH:MODP_1024
DH:MODP_1024_160
DH:MODP_768
DH:MODP_CUSTOM
PRIVKEY:RSA
PRIVKEY:ANY
PRIVKEY_GEN:RSA
PUBKEY:RSA
PUBKEY:ANY
PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_224
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_256
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_224
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_256
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_384
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_512
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_384
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_512
PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
CERT_DECODE:X509
PUBKEY:RSA (soft)
PUBKEY:ECDSA (soft)
PUBKEY:DSA (soft)
CERT_DECODE:X509_CRL
CONTAINER_DECODE:PKCS7
CONTAINER_DECODE:PKCS12
PRIVKEY:ECDSA
PRIVKEY_GEN:ECDSA
PUBKEY:ECDSA
PRIVKEY_SIGN:ECDSA_WITH_NULL
PUBKEY_VERIFY:ECDSA_WITH_NULL
PRIVKEY_SIGN:ECDSA_WITH_SHA1_DER
PUBKEY_VERIFY:ECDSA_WITH_SHA1_DER
PRIVKEY_SIGN:ECDSA_WITH_SHA256_DER
PUBKEY_VERIFY:ECDSA_WITH_SHA256_DER
PRIVKEY_SIGN:ECDSA-256
PUBKEY_VERIFY:ECDSA-256
PRIVKEY_SIGN:ECDSA_WITH_SHA384_DER
PRIVKEY_SIGN:ECDSA_WITH_SHA512_DER
PUBKEY_VERIFY:ECDSA_WITH_SHA384_DER
PUBKEY_VERIFY:ECDSA_WITH_SHA512_DER
PRIVKEY_SIGN:ECDSA-384
PRIVKEY_SIGN:ECDSA-521
PUBKEY_VERIFY:ECDSA-384
PUBKEY_VERIFY:ECDSA-521
PRIVKEY:ANY
RNG:RNG_STRONG
RNG:RNG_WEAK
fips-prf:
PRF:PRF_FIPS_SHA1_160
PRF:PRF_KEYED_SHA1
gmp:
DH:MODP_3072
RNG:RNG_STRONG
DH:MODP_4096
RNG:RNG_STRONG
DH:MODP_6144
RNG:RNG_STRONG
DH:MODP_8192
RNG:RNG_STRONG
DH:MODP_2048
RNG:RNG_STRONG
DH:MODP_2048_224
RNG:RNG_STRONG
DH:MODP_2048_256
RNG:RNG_STRONG
DH:MODP_1536
RNG:RNG_STRONG
DH:MODP_1024
RNG:RNG_STRONG
DH:MODP_1024_160
RNG:RNG_STRONG
DH:MODP_768
RNG:RNG_STRONG
DH:MODP_CUSTOM
RNG:RNG_STRONG
PRIVKEY:RSA
PRIVKEY_GEN:RSA
RNG:RNG_TRUE
PUBKEY:RSA
PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_224
HASHER:HASH_SHA224
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_256
HASHER:HASH_SHA256
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_384
HASHER:HASH_SHA384
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA2_512
HASHER:HASH_SHA512
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 (not loaded)
HASHER:HASH_SHA3_224
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 (not loaded)
HASHER:HASH_SHA3_256
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 (not loaded)
HASHER:HASH_SHA3_384
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 (not loaded)
HASHER:HASH_SHA3_512
PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
HASHER:HASH_SHA1
PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
HASHER:HASH_MD5
PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_224
HASHER:HASH_SHA224
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_256
HASHER:HASH_SHA256
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_384
HASHER:HASH_SHA384
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA2_512
HASHER:HASH_SHA512
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 (not loaded)
HASHER:HASH_SHA3_224
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 (not loaded)
HASHER:HASH_SHA3_256
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 (not loaded)
HASHER:HASH_SHA3_384
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 (not loaded)
HASHER:HASH_SHA3_512
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
HASHER:HASH_SHA1
PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
HASHER:HASH_MD5
PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
RNG:RNG_WEAK
agent:
PRIVKEY:ANY
PRIVKEY:RSA
PRIVKEY:ECDSA
xcbc:
PRF:PRF_AES128_XCBC
CRYPTER:AES_CBC-16
PRF:PRF_CAMELLIA128_XCBC
CRYPTER:CAMELLIA_CBC-16
SIGNER:CAMELLIA_XCBC_96
CRYPTER:CAMELLIA_CBC-16
SIGNER:AES_XCBC_96
CRYPTER:AES_CBC-16
cmac:
PRF:PRF_AES128_CMAC
CRYPTER:AES_CBC-16
SIGNER:AES_CMAC_96
CRYPTER:AES_CBC-16
hmac:
PRF:PRF_HMAC_SHA1
HASHER:HASH_SHA1
PRF:PRF_HMAC_MD5
HASHER:HASH_MD5
PRF:PRF_HMAC_SHA2_256
HASHER:HASH_SHA256
PRF:PRF_HMAC_SHA2_384
HASHER:HASH_SHA384
PRF:PRF_HMAC_SHA2_512
HASHER:HASH_SHA512
SIGNER:HMAC_SHA1_96
HASHER:HASH_SHA1
SIGNER:HMAC_SHA1_128
HASHER:HASH_SHA1
SIGNER:HMAC_SHA1_160
HASHER:HASH_SHA1
SIGNER:HMAC_MD5_96
HASHER:HASH_MD5
SIGNER:HMAC_MD5_128
HASHER:HASH_MD5
SIGNER:HMAC_SHA2_256_128
HASHER:HASH_SHA256
SIGNER:HMAC_SHA2_256_256
HASHER:HASH_SHA256
SIGNER:HMAC_SHA2_384_192
HASHER:HASH_SHA384
SIGNER:HMAC_SHA2_384_384
HASHER:HASH_SHA384
SIGNER:HMAC_SHA2_512_256
HASHER:HASH_SHA512
SIGNER:HMAC_SHA2_512_512
HASHER:HASH_SHA512
gcm:
AEAD:AES_GCM_8-16
CRYPTER:AES_CBC-16
AEAD:AES_GCM_8-24
CRYPTER:AES_CBC-24
AEAD:AES_GCM_8-32
CRYPTER:AES_CBC-32
AEAD:AES_GCM_12-16
CRYPTER:AES_CBC-16
AEAD:AES_GCM_12-24
CRYPTER:AES_CBC-24
AEAD:AES_GCM_12-32
CRYPTER:AES_CBC-32
AEAD:AES_GCM_16-16
CRYPTER:AES_CBC-16
AEAD:AES_GCM_16-24
CRYPTER:AES_CBC-24
AEAD:AES_GCM_16-32
CRYPTER:AES_CBC-32
curl:
FETCHER:file://
FETCHER:ftp://
FETCHER:http://
FETCHER:https://
CUSTOM:openssl-threading
sqlite:
DATABASE:SQLite
attr:
CUSTOM:attr
kernel-netlink:
CUSTOM:kernel-ipsec
CUSTOM:kernel-net
resolve:
CUSTOM:resolve
socket-default:
CUSTOM:socket
CUSTOM:kernel-ipsec (soft)
stroke:
CUSTOM:stroke
PRIVKEY:RSA (soft)
PRIVKEY:ECDSA (soft)
PRIVKEY:DSA (soft)
PRIVKEY:BLISS (soft)
CERT_DECODE:ANY (soft)
CERT_DECODE:X509 (soft)
CERT_DECODE:X509_CRL (soft)
CERT_DECODE:X509_AC (soft)
CERT_DECODE:PUBKEY (soft)
vici:
CUSTOM:vici
updown:
CUSTOM:updown
xauth-generic:
XAUTH_SERVER:generic
XAUTH_CLIENT:generic
root@atm:/etc/strongswan.d#