Hi, I tried decoding ESP packets using ipsec-secgw. Security association was done using strongswan. Some issues I noticed was that the security key (aes) was 192 bit (not 128 of 256) Similarly the authentication key (hmac sha) was 384 instead of 128 or 256. Is this sample app capable of decrypting and authenticating ESP packets with such keys?
This is what SA looked like: src 30.30.20.11 dst 30.30.30.10 proto esp spi 0xcaa695f2 reqid 1 mode tunnel replay-window 32 flag af-unspec auth-trunc hmac(sha384) 0x55a470aaa48e5100494ce02cdbea1856436b8f88b9daf1072469dc5ab5ae6056be4eaa574254b1667b418e977c92ea74 192 enc cbc(aes) 0x43ed51b8bf2ab8f3d9a7477e9c542dae7ab8fe2bf404a1ad anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000 This is the configuration I pushed to file for decoding: #SP IPv4 rules #Decryption rule sp ipv4 in esp protect 3399914994 pri 3 dst 10.220.42.0/24 sport 0:65535 dport 0:65535 sa in 3399914994 cipher_algo aes-256-cbc cipher_key 00:00:00:00:00:00:00:00:43:ED:51:B8:BF:2A:B8:F3:D9:A7:47:7E:9C:54:2D:AE:7A:B8:FE:2B:F4:04:A1:AD \ auth_algo null \ mode ipv4-tunnel src 30.30.20.11 dst 30.30.30.10 \ port_id 1 \ type no-offload \ #Routing rules rt ipv4 dst 10.220.42.0/24 port 0 #Neighbour rule syntax neigh port 0 f2:e0:f6:21:e0:70 Regards, Surajit