Hi, I am getting the message: esalg: No test for authenc(hmac(sha1),cbc(aes)) (authenc(hmac(sha1-generic),cbc(aes-generic))) when I bring up a tunnel. The tunnel is established.
I am using strongswan with openssl instead of libgmp. I believe (but I am not sure, I can check if you like) that I wasn't getting this message when I was using libgmp. I would like to know what this message means. And if it is something I should worry about. Later on, after a period of inactivity, of 30 min to 1 hour, the tunnel fails, one direction first and then eventually both directions. I will provide more details on that problem separately. I just wanted to know if this message is an early hint of a problem. The complete output from charon follows: # ipsec up test initiating IKE_SA test[1] to 10.224.2.100 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from 10.224.2.101[500] to 10.224.2.100[500] received packet: from 10.224.2.100[500] to 10.224.2.101[500] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] received cert request for "C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west" received cert request for "C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=east" sending cert request for "C=UK, ST=Cambridgeshire, L=Cambridge, O=Airvana INC, OU=TR069, CN=Airvana CA, e=airvana...@airvana.com" sending cert request for "C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=east" sending cert request for "C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west" authentication of 'C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=east' (myself) with RSA signature successful sending end entity cert "C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=east" esalg: No test for authenc(hmac(sha1),cbc(aes)) (authenc(hmac(sha1-generic),cbc(aes-generic))) tablishing CHILD_SA test generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) ] sending packet: from 10.224.2.101[4500] to 10.224.2.100[4500] received packet: from 10.224.2.100[4500] to 10.224.2.101[4500] parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ] received end entity cert "C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west" using trusted certificate "C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west" authentication of 'C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west' with RSA signature successful scheduling reauthentication in 3351s maximum IKE_SA lifetime 3531s IKE_SA test[1] established between 10.224.2.101[C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=east]...10.224.2.100[C=AU, ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west] Regards, Dimitrios Siganos _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
