Hi Chris, IKEv2 support for the AEAD modes CCM and GCM will be introduced with the forthcoming strongSwan release 4.5.0. Thus Debian sid certainly does not support them. I you want to test IKEv2 AEAD, please download the latest developers release
http://download.strongswan.org/strongswan-4.5.0dr3.tar.bz2 Regards Andreas On 10/03/2010 02:21 AM, Christoph Anton Mitterer wrote: > Hi. > > I'm using the Debian sid version of strongswan (without the ikev1 > package). > I wanted to use > ike = aes256gcm128-sha512-modp2048 > esp = aes256gcm128-sha512-modp2048 > > but if I set this on both hosts (host-to-host scenario with tunnel mode) > no tunnel seem to be set up. > Instead I get somethink like: > 10/02/10 05:10:13 12[NET] sending packet: from 84.16.235.61[500] to > 77.37.6.134[500] > 10/02/10 05:10:13 03[NET] received packet: from 77.37.6.134[500] to > 84.16.235.61[500] > 10/02/10 05:10:13 03[ENC] parsed IKE_SA_INIT response 0 [ N(NO_PROP) ] > 10/02/10 05:10:13 03[IKE] received NO_PROPOSAL_CHOSEN notify error > 10/02/10 05:10:41 00[DMN] signal of type SIGINT received. Shutting down > > ipsec listall also shows me just these: > List of registered IKEv2 Algorithms: > > encryption: AES_CBC 3DES_CBC DES_CBC DES_ECB CAMELLIA_CBC RC5_CBC > IDEA_CBC CAST_CBC BLOWFISH_CBC NULL > integrity: AES_XCBC_96 HMAC_SHA1_96 HMAC_SHA1_128 HMAC_SHA1_160 > HMAC_SHA2_256_128 HMAC_MD5_96 HMAC_MD5_128 HMAC_SHA2_384_192 > HMAC_SHA2_512_256 > hasher: HASH_SHA1 HASH_SHA224 HASH_SHA256 HASH_SHA384 HASH_SHA512 > HASH_MD5 HASH_MD2 HASH_MD4 > prf: PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_XCBC > PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384 > PRF_HMAC_SHA2_512 > dh-group: MODP_2048 MODP_2048_224 MODP_2048_256 MODP_1536 ECP_256 > ECP_384 ECP_521 ECP_224 ECP_192 MODP_3072 MODP_4096 MODP_6144 MODP_8192 > MODP_1024 MODP_1024_160 MODP_768 > > > What about all the GCM and CCM modes listed here: > http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites ? > > Thanks, > Chris. ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
