[strongSwan] Question related to ESP_TFC_PADDING_NOT_SUPPORTED

rajeev nohria rajnohria at gmail.com
Wed Jan 10 17:40:25 CET 2018 

Let me ask question again..

On local I did not configure TFC and by default it should be disabled.
>From remote I am receiving following message

12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding

What exactly it mean  "not using ESPv3 TFC padding"  does it means  local
is also not using TFC padding?

Why would local would send msg with TFC when TFC disabled by default. I
have tried tfc_padding = 0 in configuration and get the same message.  Just
trying to understand..





On Wed, Jan 10, 2018 at 10:51 AM, rajeev nohria <rajnohria at gmail.com> wrote:

> I am trying to understand if ESP_TFC_PADDING_NOT_SUPPORTED means Local is
> using the TFC.
>
> I am getting ESP_TFC_PADDING_NOT_SUPPORTED msg from remote. Is that means
> local is using the TFC.
> On local I have to configured tfc_padding and by default it is disabled.
> If by default it is disabled why local side is sending packet with TFC.
>
>
>
>
>
> 12[CFG] certificate status is not available
>
> 12[CFG]   reached self-signed root ca with a path length of 1
>
> 12[IKE] authentication of 'C=US, O=CableLabs, CN=00:01:5c:96:16:00' with
> RSA signature successful
>
> 12[IKE] IKE_SA rpdfc00:cada:c406::200[1] established between
> fc00:cada:c406:607::1001[C=US, O=ARRIS, OU=LOWELL,
> CN=00:33:5f:ab:8c:9e]...fc00:cada:c406::200[C=US, O=CableLabs,
> CN=00:01:5c:96:16:00]
>
> 12[IKE] scheduling rekeying in 13218s
>
> 12[IKE] maximum IKE_SA lifetime 14658s
>
> 12[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
>
> [  274.326216] alg: No test for authenc(hmac(sha256),ecb(cipher_null))
> (authenc(hmac(sha256-generic),ecb-cipher_null))
>
> 12[IKE] CHILD_SA gcpfc00:cada:c406::200{3} established with SPIs
> c2b4f3ce_i 2bcba3d9_o and TS fc00:cada:c406:607::1001/128[tcp] ===
> fc00:cada:c406::200/128[tcp/8190]
>
>
>
> Thanks,
>
> Rajeev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180110/6bb1fdda/attachment.html>

More information about the Users mailing list