Hi Siddesh, check with the ipsec statusall command if the xcbc plugin is loaded which is required for AES-XCBC support.
Regards Andreas On 30.05.2016 10:51, siddesh r wrote:
Hi
I using below transform set for ikev2
conn net-net
left=192.168.2.1
leftauth=psk
leftsubnet=22.1.0.0/16 <http://22.1.0.0/16>
leftid=192.168.2.1
leftfirewall=no
right=192.168.2.2
rightauth=psk
rightsubnet=22.2.0.0/16 <http://22.2.0.0/16>
rightid=192.168.2.2
ike=aes128-aesxcbc-modp2048!
auto=add
And getting the below error, could any one let me know whether there is
anything wrong in the configuration
May 30 14:16:17 bgl-mitg-sim481 charon: 02[IKE] initiating IKE_SA
net-net[2] to 192.168.2.2
May 30 14:16:17 bgl-mitg-sim481 charon: 02[ENC] generating IKE_SA_INIT
request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 30 14:16:17 bgl-mitg-sim481 charon: 02[NET] sending packet: from
192.168.2.1[500] to 192.168.2.2[500]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[NET] received packet: from
192.168.2.2[500] to 192.168.2.1[500]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[ENC] parsed IKE_SA_INIT
response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] PSEUDO_RANDOM_FUNCTION
PRF_AES128_XCBC not supported!
May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] key derivation failed.
Thanks in advance,
Siddesh
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
-- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
