[strongSwan] SHA1 vs SHA256
andreas.steffen at strongswan.org
Fri Aug 4 12:48:23 CEST 2017
This is a Linux kernel issue. Which kernel versions are you running
on the two endpoints?
On 04.08.2017 12:41, Dusan Ilic wrote:
> Hi Noel,
> One side is Strongswan 5.2.2 and the other is 5.5.2.
> How do I switch?
> On 2017-08-04 at 12:25, Noel Kuntze wrote:
>> The remote peer probably uses the DRAFT variant of sha2-256, which
>> uses 96 bit truncation. strongSwan uses the actual standardized
>> variant that truncates to 128 bits.
>> You can switch between the two in the newest version of strongSwan.
>> On 04.08.2017 12:23, Dusan Ilic wrote:
>>> I have a strange issue, with both settings below the tunnel goes up
>>> as it should, but only with SHA1 in ESP traffic goes through. When I
>>> ping the remote client with ESP SHA256 it times out, even though the
>>> tunnel reports as being up by Strongswan.
>>> Traffic working:
>>> Traffic not working:
>>> Below combo doesn't work either:
>>> Also, are above settings good? I'm having AES128 on ESP because with
>>> AES256 I lose too much throughput. Do you have any suggestions for
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
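
Added example, not part of the original thread and not strongSwan or kernel code: a simplified model of the ESP integrity check value (ICV) showing why a 96-bit versus 128-bit truncation mismatch for HMAC-SHA-256 lets the tunnel come up while every ESP packet is dropped on receipt. The packet layout is reduced to SPI, sequence number, payload and ICV, and the key, SPI and payload are constructed sample values.

```python
import hashlib
import hmac
import struct


def esp_protect(key, spi, seq, ciphertext, icv_len):
    """Build SPI | sequence number | ciphertext | truncated HMAC-SHA-256 ICV."""
    body = struct.pack("!II", spi, seq) + ciphertext
    icv = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return body + icv


def esp_verify(key, packet, icv_len):
    """Treat the trailing icv_len bytes as the ICV and check them, as a receiver does."""
    body, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return hmac.compare_digest(icv, expected)


# Constructed sample values, not taken from the thread.
KEY = bytes(range(32))
SPI, SEQ = 0xC0FFEE01, 1
CIPHERTEXT = bytes(48)  # stand-in for the encrypted payload


def interop_matrix():
    """Return {(sender_bits, receiver_bits): accepted} for 96- and 128-bit truncation."""
    results = {}
    for tx in (12, 16):  # ICV length in bytes used by the sender
        pkt = esp_protect(KEY, SPI, SEQ, CIPHERTEXT, tx)
        for rx in (12, 16):  # ICV length in bytes assumed by the receiver
            results[(tx * 8, rx * 8)] = esp_verify(KEY, pkt, rx)
    return results


if __name__ == "__main__":
    for (tx, rx), ok in interop_matrix().items():
        verdict = "accepted" if ok else "dropped"
        print(f"sender ICV {tx:3d} bit, receiver ICV {rx:3d} bit -> {verdict}")
```

A receiver that assumes the wrong ICV length splits the packet at the wrong offset, so the HMAC comparison fails in both directions of the mismatch.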