Re: [strongSwan] Issue with AES-GCM algo on strongswan

Tue, 07 Jul 2015 00:12:08 -0700 

Hi ,

Thanks for the help, I have added “aes128gcm128” in strongswan.conf but still 
getting the same issue.

load = aes128gcm128 aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl 
revocation hmac stroke kernel-netlink socket-default fips-prf eap-identity 
eap-aka eap-aka-3gpp2 updown


I checked the list of registered IKE algorithms and I cant see AES-GCM in the 
list.

List of registered IKE algorithms:

  encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des]
  integrity:  HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac] 
HMAC_MD5_96[hmac] HMAC_MD5_128[hmac]
                      HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] 
HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac]
                      HMAC_SHA2_512_256[hmac] HMAC_SHA2_512_512[hmac]
  aead:
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] 
HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
  prf:             PRF_KEYED_SHA1[sha1] PRF_HMAC_SHA1[hmac] PRF_HMAC_MD5[hmac] 
PRF_HMAC_SHA2_256[hmac]
                      PRF_HMAC_SHA2_384[hmac] PRF_HMAC_SHA2_512[hmac] 
PRF_FIPS_SHA1_160[fips-prf]
  dh-group:   MODP_2048[gmp] MODP_2048_224[gmp] MODP_2048_256[gmp] 
MODP_1536[gmp] MODP_3072[gmp] MODP_4096[gmp]
              MODP_6144[gmp] MODP_8192[gmp] MODP_1024[gmp] MODP_1024_160[gmp] 
MODP_768[gmp] MODP_CUSTOM[gmp]
  random-gen: RNG_STRONG[random] RNG_TRUE[random]
  nonce-gen:  [nonce]


Please let me know if I am missing something.

Regards,
Sunny

From: [email protected] 
[mailto:[email protected]] On Behalf Of Zhuyj
Sent: Tuesday, July 07, 2015 11:11 AM
To: sunny kumar
Cc: [email protected]
Subject: Re: [strongSwan] Issue with AES-GCM algo on strongswan

Load all modules in strong swan.cnf

发自我的 iPhone

在 2015年7月7日,13:33,sunny kumar 
<[email protected]<mailto:[email protected]>> 写道:
Hi,

I am using strongswan client for EAP-AKA scenario.

In ipsec.conf I have added following parameter for IKE SA negotiation :

ike=aes128gcm128-sha1-modp2048,3des-sha1-modp2048!

When client (strongswan) recieves IKE_SA_INIT response it gives an error --
ENCRYPTION_ALGORITHM AES_GCM_16 (key size 128) not supported.


Can anyone advice on above.

Thanks and regards,
Sunny
_______________________________________________
Users mailing list
[email protected]<mailto:[email protected]>
https://lists.strongswan.org/mailman/listinfo/users
"DISCLAIMER: This message is proprietary to Aricent and is intended solely for 
the use of the individual to whom it is addressed. It may contain privileged or 
confidential information and should not be circulated or used for any purpose 
other than for what it is intended. If you have received this message in error, 
please notify the originator immediately. If you are not the intended 
recipient, you are notified that you are strictly prohibited from using, 
copying, altering, or disclosing the contents of this message. Aricent accepts 
no responsibility for loss or damage arising from the use of the information 
transmitted by this email including damage from virus."

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to