[strongSwan] Integrity Algorithm Implementation

Phillip Goldfarb Phillip.Goldfarb at DigitaLogic.com
Thu Apr 27 19:38:37 CEST 2017


Hello,

I'm using StrongSwan 5.5.2 (built from source) with Linux 2.6 to connect to
another machine also running StrongSwan.

I'm having an issue getting StrongSwan to use SHA2 as the integrity
algorithm. Here's an example of a working configuration that allows me to
bring up an IPsec connection:

ike=aes256-sha1-modp4096!
esp=aes256-sha1-modp4096!

However, when I change it to this, I get an error:

ike=aes256-sha256-modp4096!
esp=aes256-sha256-modp4096!

This is the error returned by "ipsec up connName": "received netlink error:
Function not implemented (38)"

From what I can tell from Google, this means that my kernel doesn't
implement SHA256. Unfortunately, I'm stuck with the version of the kernel
that I have.

Is there a configuration option to tell StrongSwan that the integrity
algorithm should be used in userland? As I understand it, StrongSwan can use
its own implementation or OpenSSL's, but I'm having difficulty figuring out
exactly how to do that.

Thanks!

Phillip Goldfarb
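
Added example, not part of the original post and not strongSwan code: a check of whether the algorithms named in an esp= proposal are registered with the kernel crypto API, which is one way to investigate the netlink error quoted above. The keyword-to-kernel-name mapping and the /proc/crypto excerpt are assumptions constructed for illustration.

```python
import re

# Assumption: kernel crypto API names for the ESP keywords used in the post.
KERNEL_NAMES = {"aes256": "cbc(aes)", "sha1": "hmac(sha1)", "sha256": "hmac(sha256)"}

# Constructed /proc/crypto excerpt (not taken from the poster's machine).
SAMPLE_PROC_CRYPTO = """\
name         : hmac(sha1)
driver       : hmac(sha1-generic)
module       : kernel

name         : sha1
driver       : sha1-generic
module       : kernel

name         : cbc(aes)
driver       : cbc(aes-generic)
module       : kernel

name         : aes
driver       : aes-generic
module       : kernel
"""

def registered_algorithms(proc_crypto_text):
    """Return the set of algorithm names listed in /proc/crypto text."""
    return set(re.findall(r"^name\s*:\s*(\S+)", proc_crypto_text, flags=re.M))

def check_esp_proposal(proposal, proc_crypto_text):
    """Map each cipher/integrity keyword of an esp= proposal to a status."""
    registered = registered_algorithms(proc_crypto_text)
    result = {}
    for keyword in proposal.rstrip("!").split("-"):
        if keyword.startswith("modp"):
            continue  # DH group: handled by the IKE daemon, not the kernel SA
        name = KERNEL_NAMES.get(keyword)
        if name is None:
            result[keyword] = "unknown keyword"
            continue
        # Templates such as hmac(...) are listed only once instantiated,
        # so the inner algorithm being present is accepted as well.
        inner = re.sub(r"^\w+\((.+)\)$", r"\1", name)
        ok = name in registered or inner in registered
        result[keyword] = "registered" if ok else "not registered"
    return result

if __name__ == "__main__":
    for p in ("aes256-sha1-modp4096!", "aes256-sha256-modp4096!"):
        print(p, check_esp_proposal(p, SAMPLE_PROC_CRYPTO))
```

On a real system, pass the contents of /proc/crypto as the second argument. An algorithm built as a module that is not currently loaded will not be listed there, so "not registered" is a starting point for checking the kernel configuration rather than a final answer.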
