Hi Andreas, Thanks for the quick response! My system has QNX. Maybe I'll check QNX manuals to find this out. Would you know if QNX entropy pool includes clock-source? When I change the clock-source, the IPSEC tunnel goes for a toss because it seems that the keys are no more aligned between client and server!
Regards, Rakshesh -----Original Message----- From: ext Andreas Steffen [mailto:[email protected]] Sent: Sunday, September 07, 2014 10:44 PM To: Bhatt, Rakshesh 1. (NSN - IN/Bangalore); [email protected] Subject: Re: [strongSwan] Regarding Key Generation in strongswan 4.2.8 Hi Rakshesh, by default strongSwan is using its random plugin to get random material from the Linux /dev/urandom device. Depending on the system setup, multiple random sources are feeding into the Linux entropy pool. You have to check on your system which entropy sources are available. Best regards Andreas On 09/07/2014 04:38 PM, Bhatt, Rakshesh 1. (NSN - IN/Bangalore) wrote: > Hi, > > We are using strongswan version 4.2.8. My question is : Is system time / > clock-source one of the inputs for the algorithm that generates Child SA > and IKE keys? > > Regards, > Rakshesh ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
