[strongSwan] Question related to ESP_TFC_PADDING_NOT_SUPPORTED

rajeev nohria rajnohria at gmail.com
Wed Jan 10 16:51:03 CET 2018

I am trying to understand if ESP_TFC_PADDING_NOT_SUPPORTED means Local is
using the TFC.

I am getting ESP_TFC_PADDING_NOT_SUPPORTED msg from remote. Is that means
local is using the TFC.
On local I have to configured tfc_padding and by default it is disabled.
If by default it is disabled why local side is sending packet with TFC.

12[CFG] certificate status is not available

12[CFG]   reached self-signed root ca with a path length of 1

12[IKE] authentication of 'C=US, O=CableLabs, CN=00:01:5c:96:16:00' with
RSA signature successful

12[IKE] IKE_SA rpdfc00:cada:c406::200[1] established between
fc00:cada:c406:607::1001[C=US, O=ARRIS, OU=LOWELL,
CN=00:33:5f:ab:8c:9e]...fc00:cada:c406::200[C=US, O=CableLabs,

12[IKE] scheduling rekeying in 13218s

12[IKE] maximum IKE_SA lifetime 14658s

12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding

[  274.326216] alg: No test for authenc(hmac(sha256),ecb(cipher_null))

12[IKE] CHILD_SA gcpfc00:cada:c406::200{3} established with SPIs c2b4f3ce_i
2bcba3d9_o and TS fc00:cada:c406:607::1001/128[tcp] ===


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180110/8759e8fe/attachment.html>

More information about the Users mailing list