[strongSwan] Cannot ping machines on remote local network - solved
Ric S
burj-al-arab at gmx.de
Fri Sep 8 13:16:10 CEST 2017
On Friday, 8 September 2017 13:07:25 CEST Tobias Brunner wrote:
> Hi Ric,
>
> > I managed to find the bug, wrong truncation still exists in latest
> > 4.4 kernel:
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/net/xfrm/xfrm_algo.c?h=v4.4.87
>
> That's only because you are using the kernel-pfkey plugin on Linux,
> which you should not. It does not provide an interface to change the
> truncation for SHA-256 from userland so the default is used (all kernels
> use 96 bit due to legacy reasons). The kernel-netlink plugin will set
> the correct truncation length when installing the SA, so just disable
> the kernel-pfkey plugin and you won't need to patch the kernel.
>
> Regards,
> Tobias
Hi Tobias,
Thanks for the info. Maybe this should be noted somewhere, because I did not
find any hint regarding this. Could be a good place to add this:
https://wiki.strongswan.org/projects/strongswan/wiki/FAQ
Cheers Ric
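
Why the truncation mismatch discussed in this thread drops traffic, as an added illustration that is not part of the original messages: a simplified ESP-like packet (no encryption or padding) is authenticated with HMAC-SHA-256 truncated to 96 bits (the kernel default mentioned above) or to 128 bits (the length RFC 4868 specifies), and verified by a peer using either length. The function names, key, SPI and payload are constructed for the example.

```python
import hashlib
import hmac
import struct

ICV_LEGACY = 12    # 96-bit truncation, the kernel default described in the thread
ICV_RFC4868 = 16   # 128-bit truncation, HMAC-SHA-256-128 per RFC 4868


def esp_protect(key: bytes, spi: int, seq: int, payload: bytes, icv_len: int) -> bytes:
    """Build SPI | sequence | payload | truncated HMAC-SHA-256 ICV (simplified ESP)."""
    body = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return body + icv


def esp_verify(key: bytes, packet: bytes, icv_len: int):
    """Return the payload if the ICV verifies at this truncation length, else None."""
    if len(packet) < 8 + icv_len:
        return None
    # The receiver decides where the ICV starts purely from its own icv_len.
    body, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    if not hmac.compare_digest(icv, expected):
        return None  # a real stack drops the packet here, so the ping goes unanswered
    return body[8:]


def truncation_matrix() -> dict:
    """Try every sender/receiver truncation pairing with constructed sample data."""
    key = bytes(range(32))                      # constructed 256-bit key
    payload = b"constructed ICMP echo request"  # constructed payload
    results = {}
    for tx in (ICV_LEGACY, ICV_RFC4868):
        packet = esp_protect(key, 0x1000, 1, payload, tx)
        for rx in (ICV_LEGACY, ICV_RFC4868):
            results[(tx, rx)] = esp_verify(key, packet, rx) == payload
    return results


if __name__ == "__main__":
    for (tx, rx), ok in truncation_matrix().items():
        print(f"sender {tx * 8:3d}-bit ICV, receiver {rx * 8:3d}-bit ICV:",
              "accepted" if ok else "dropped")
```

The SA negotiates fine in both cases; only the data path fails, because the two ends disagree on where the ICV begins inside each packet.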