do you check server and client?
发自我的 iPhone > 在 2015年7月7日,15:11,Sunny Kumar <[email protected]> 写道: > > Hi , > > Thanks for the help, I have added “aes128gcm128” in strongswan.conf but still > getting the same issue. > > load = aes128gcm128 aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 > curl revocation hmac stroke kernel-netlink socket-default fips-prf > eap-identity eap-aka eap-aka-3gpp2 updown > > > I checked the list of registered IKE algorithms and I cant see AES-GCM in the > list. > > List of registered IKE algorithms: > > encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] > integrity: HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac] > HMAC_MD5_96[hmac] HMAC_MD5_128[hmac] > HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] > HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac] > HMAC_SHA2_512_256[hmac] HMAC_SHA2_512_512[hmac] > aead: > hasher: HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] > HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5] > prf: PRF_KEYED_SHA1[sha1] PRF_HMAC_SHA1[hmac] > PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_256[hmac] > PRF_HMAC_SHA2_384[hmac] PRF_HMAC_SHA2_512[hmac] > PRF_FIPS_SHA1_160[fips-prf] > dh-group: MODP_2048[gmp] MODP_2048_224[gmp] MODP_2048_256[gmp] > MODP_1536[gmp] MODP_3072[gmp] MODP_4096[gmp] > MODP_6144[gmp] MODP_8192[gmp] MODP_1024[gmp] MODP_1024_160[gmp] > MODP_768[gmp] MODP_CUSTOM[gmp] > random-gen: RNG_STRONG[random] RNG_TRUE[random] > nonce-gen: [nonce] > > > Please let me know if I am missing something. > > Regards, > Sunny > > From: [email protected] > [mailto:[email protected]] On Behalf Of Zhuyj > Sent: Tuesday, July 07, 2015 11:11 AM > To: sunny kumar > Cc: [email protected] > Subject: Re: [strongSwan] Issue with AES-GCM algo on strongswan > > Load all modules in strong swan.cnf > > 发自我的 iPhone > > 在 2015年7月7日,13:33,sunny kumar <[email protected]> 写道: > > Hi, > > I am using strongswan client for EAP-AKA scenario. > > In ipsec.conf I have added following parameter for IKE SA negotiation : > > ike=aes128gcm128-sha1-modp2048,3des-sha1-modp2048! > > When client (strongswan) recieves IKE_SA_INIT response it gives an error -- > ENCRYPTION_ALGORITHM AES_GCM_16 (key size 128) not supported. > > > Can anyone advice on above. > > Thanks and regards, > Sunny > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > "DISCLAIMER: This message is proprietary to Aricent and is intended solely > for the use of the individual to whom it is addressed. It may contain > privileged or confidential information and should not be circulated or used > for any purpose other than for what it is intended. If you have received this > message in error, please notify the originator immediately. If you are not > the intended recipient, you are notified that you are strictly prohibited > from using, copying, altering, or disclosing the contents of this message. > Aricent accepts no responsibility for loss or damage arising from the use of > the information transmitted by this email including damage from virus."
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
