[strongSwan] Question related to ESP_TFC_PADDING_NOT_SUPPORTED
rajeev nohria
rajnohria at gmail.com
Wed Jan 10 16:51:03 CET 2018
I am trying to understand if ESP_TFC_PADDING_NOT_SUPPORTED means Local is
using the TFC.
I am getting ESP_TFC_PADDING_NOT_SUPPORTED msg from remote. Is that means
local is using the TFC.
On local I have to configured tfc_padding and by default it is disabled.
If by default it is disabled why local side is sending packet with TFC.
12[CFG] certificate status is not available
12[CFG] reached self-signed root ca with a path length of 1
12[IKE] authentication of 'C=US, O=CableLabs, CN=00:01:5c:96:16:00' with
RSA signature successful
12[IKE] IKE_SA rpdfc00:cada:c406::200[1] established between
fc00:cada:c406:607::1001[C=US, O=ARRIS, OU=LOWELL,
CN=00:33:5f:ab:8c:9e]...fc00:cada:c406::200[C=US, O=CableLabs,
CN=00:01:5c:96:16:00]
12[IKE] scheduling rekeying in 13218s
12[IKE] maximum IKE_SA lifetime 14658s
12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
[ 274.326216] alg: No test for authenc(hmac(sha256),ecb(cipher_null))
(authenc(hmac(sha256-generic),ecb-cipher_null))
12[IKE] CHILD_SA gcpfc00:cada:c406::200{3} established with SPIs c2b4f3ce_i
2bcba3d9_o and TS fc00:cada:c406:607::1001/128[tcp] ===
fc00:cada:c406::200/128[tcp/8190]
Thanks,
Rajeev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180110/8759e8fe/attachment.html>
More information about the Users
mailing list