Hi Mo, > Does that mean it cannot be done?
Recent kernel versions (>= 2.6.33, I think) actually support a variable truncation length. I added support for HMAC_MD5_128 and HMAC_SHA1_160, which are both defined in RFC 4595 (see [1] for the patch). They are not part of charon's default proposal, so you have to manually configure md5_128 and/or sha1_160 with the esp option in ipsec.conf. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=686cfd4e _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users