[strongSwan] cipher choice causing issue
Tobias Brunner
tobias at strongswan.org
Wed Jul 5 14:48:09 CEST 2017
Hi Jamie,
> Server is Ubuntu 17, Client LEDE trunk. Authentication happens, but I think client and server cannot agree on an algorithm?
They do, but the chosen algorithm (probably AES-GCM) apparently is not
supported by the client's kernel:
> 16[KNL] received netlink error: Function not implemented (89)
> 16[KNL] unable to add SAD entry with SPI c09ec43d (FAILED)
> 16[KNL] received netlink error: Function not implemented (89)
> 16[KNL] unable to add SAD entry with SPI ca9fa951 (FAILED)
Either change the kernel or include a supported algorithm in the ESP
proposal (e.g. esp=aes256gcm16-aes256-sha256! on the server and
esp=aes256-sha256! on the client to use AES in CBC mode).
Regards,
Tobias
More information about the Users
mailing list