Hi Christophe, > ike=null-sha1-modp1024! > esp=null-sha1-modp1024!
Using Null encryption for the IKE protocol is considered insecure, you should not use it in a productive setup. It is not really defined for the use in IKEv2 itself. Null encryption in ESP is fine if you don't need confidentiality, but you should use a cipher in IKE anyway. > 09[IKE] ENCRYPTION_ALGORITHM NULL (key size 20) not supported! > 09[IKE] key derivation failed strongSwan does not provide a Null transform in userland in its default configuration. But you can enable the OpenSSL crypto backend by passing --enable-openssl to ./configure, it provides a Null transform. The proposal above should work then between strongSwans, but be aware of the consequences. Regards Martin _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
