I have found out that the message is coming from the linux kernel and not from charon as I thought.
It comes from the function: int alg_test(const char *driver, const char *alg, u32 type, u32 mask) I still don't know if it something to worry about though. Regards, Dimitrios Siganos Dimitrios Siganos wrote: > Hi, > > I am getting the message: > esalg: No test for authenc(hmac(sha1),cbc(aes)) > (authenc(hmac(sha1-generic),cbc(aes-generic))) > when I bring up a tunnel. The tunnel is established. > > I am using strongswan with openssl instead of libgmp. I believe (but I > am not sure, I can check if you like) that I wasn't getting this message > when I was using libgmp. > > I would like to know what this message means. And if it is something I > should worry about. > > Later on, after a period of inactivity, of 30 min to 1 hour, the tunnel > fails, one direction first and then eventually both directions. I will > provide more details on that problem separately. I just wanted to know > if this message is an early hint of a problem. > > The complete output from charon follows: > # ipsec up test > initiating IKE_SA test[1] to 10.224.2.100 > generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > sending packet: from 10.224.2.101[500] to 10.224.2.100[500] > received packet: from 10.224.2.100[500] to 10.224.2.101[500] > parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) > CERTREQ N(MULT_AUTH) ] > received cert request for "C=AU, ST=Some-State, L=London, O=Internet > Widgits Pty Ltd, CN=west" > received cert request for "C=AU, ST=Some-State, L=London, O=Internet > Widgits Pty Ltd, CN=east" > sending cert request for "C=UK, ST=Cambridgeshire, L=Cambridge, > O=Airvana INC, OU=TR069, CN=Airvana CA, e=airvana...@airvana.com" > sending cert request for "C=AU, ST=Some-State, L=London, O=Internet > Widgits Pty Ltd, CN=east" > sending cert request for "C=AU, ST=Some-State, L=London, O=Internet > Widgits Pty Ltd, CN=west" > authentication of 'C=AU, ST=Some-State, L=London, O=Internet Widgits Pty > Ltd, CN=east' (myself) with RSA signature successful > sending end entity cert "C=AU, ST=Some-State, L=London, O=Internet > Widgits Pty Ltd, CN=east" > esalg: No test for authenc(hmac(sha1),cbc(aes)) > (authenc(hmac(sha1-generic),cbc(aes-generic))) > tablishing CHILD_SA test > generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr > N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) ] > sending packet: from 10.224.2.101[4500] to 10.224.2.100[4500] > received packet: from 10.224.2.100[4500] to 10.224.2.101[4500] > parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT) > N(MOBIKE_SUP) N(ADD_4_ADDR) ] > received end entity cert "C=AU, ST=Some-State, L=London, O=Internet > Widgits Pty Ltd, CN=west" > using trusted certificate "C=AU, ST=Some-State, L=London, O=Internet > Widgits Pty Ltd, CN=west" > authentication of 'C=AU, ST=Some-State, L=London, O=Internet Widgits Pty > Ltd, CN=west' with RSA signature successful > scheduling reauthentication in 3351s > maximum IKE_SA lifetime 3531s > IKE_SA test[1] established between 10.224.2.101[C=AU, ST=Some-State, > L=London, O=Internet Widgits Pty Ltd, CN=east]...10.224.2.100[C=AU, > ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west] > > Regards, > Dimitrios Siganos > _______________________________________________ > Users mailing list > Users@lists.strongswan.org > https://lists.strongswan.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
