[strongSwan] SHA1 vs SHA256
Dusan Ilic
dusan at comhem.se
Fri Aug 4 12:23:33 CEST 2017
Hello!
I have a strange issue, with both settings below the tunnel goes up as
it should, but only with SHA1 in ESP traffic goes through. When I ping
the remote client with ESP SHA256 it times out, even though the tunnel
reports as being up by Strongswan.
Traffic working:
ike=aes256-sha256-modp2048!
esp=aes128-sha1-modp2048!
Traffic not working:
ike=aes256-sha256-modp2048!
esp=aes256-sha256-modp2048!
Below combo doesn't work either:
ike=aes256-sha256-modp2048!
esp=aes128-sha256-modp2048!
Also, are above settings good? I'm having AES128 on ESP because with
AES256 I loose too much througput. Do you have any suggestions for change?
More information about the Users
mailing list