Hi Bill, > I want to use the gcm block cypher. (esp=aes128cgm16-sha256!) > I added gcm to the Android.mk in the strongswan_CHARON_PLUGINS list and > also added it to the Android.mk in src/libstrongswan.
The gcm plugin you activated with the above is for strongSwan internal use with the key exchange protocol IKEv2 and not on the IPsec level with ESP, which is what you want to enable with the esp= option. Since ESP is handled by the Linux kernel you have to build your own kernel with CRYPTO_GCM enabled in the options. So if you don't want to actually use AES-GCM with IKEv2 itself you don't have to do anything special when building strongSwan. > The server was configured using --enable-gcm option and an ipsec listall > seems to confirm that the server supports it. Same applies here, --enable-gcm only enables GCM for IKEv2. Depending on the Linux distribution you use, GCM may already be enabled in the default kernel. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
