On Thu, Jun 28, 2012 at 6:27 AM, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Hi Chris,
the problem is not ECDSA authentication but the configuration of
AES-GCM in the kernel which is not possible because the PFKEY
interface does not support the configuration of ESP authenticated
Hi Gowri,
have a look at the following piece of code in the git repository
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/network/receiver.c;h=f0cb0b2d17d153205e97f880e7daa0fdea89f974;hb=HEAD#l409
which is the basis of today's strongSwan 5.0.0 release.
Regards
Andreas
On
Hi Andreas,
I tested in strongswan-5.0.0rc1 as well, but same problem.
I'll debug some more and post here updates.
Thanks,
Gowri Shankar
On Saturday 30 June 2012 08:38 PM, Andreas Steffen wrote:
Hi Gowri,
have a look at the following piece of code in the git repository
Are you using the charon daemon with the socket-raw plugin which
filters and processes IKE major version 2 only or the socket-default
plugin which processes all IKE packets irrespective of the major
version? ipsec statusall shows which plugin is loaded.
Regards
Andreas
On 30.06.2012 20:05,
Hi Andreas,
Thanks a lot! Yes, It was using socket-raw (as pluto is also configured)
. I disabled
explicitly in configure option and enabled socket-default, and seeing
invalid version
notification correctly.
Jun 30 17:04:35 09[ENC] parsing rule 3 U_INT_4
Jun 30 17:04:35 09[ENC]= 3
...
Jun
