I have found out that the message is coming from the linux kernel and
not from charon as I thought.
It comes from the function:
int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
I still don't know if it something to worry about though.
Regards,
Dimitrios Siganos
Dimitrios Siganos wrote:
Hi,
I am getting the message:
esalg: No test for authenc(hmac(sha1),cbc(aes))
(authenc(hmac(sha1-generic),cbc(aes-generic)))
when I bring up a tunnel. The tunnel is established.
I am using strongswan with openssl instead of libgmp. I believe (but I
am not sure, I can check if you like) that I wasn't getting this message
when I was using libgmp.
I would like to know what this message means. And if it is something I
should worry about.
Later on, after a period of inactivity, of 30 min to 1 hour, the tunnel
fails, one direction first and then eventually both directions. I will
provide more details on that problem separately. I just wanted to know
if this message is an early hint of a problem.
The complete output from charon follows:
# ipsec up test
initiating IKE_SA test[1] to 10.224.2.100
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.224.2.101[500] to 10.224.2.100[500]
received packet: from 10.224.2.100[500] to 10.224.2.101[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
CERTREQ N(MULT_AUTH) ]
received cert request for C=AU, ST=Some-State, L=London, O=Internet
Widgits Pty Ltd, CN=west
received cert request for C=AU, ST=Some-State, L=London, O=Internet
Widgits Pty Ltd, CN=east
sending cert request for C=UK, ST=Cambridgeshire, L=Cambridge,
O=Airvana INC, OU=TR069, CN=Airvana CA, e=airvana...@airvana.com
sending cert request for C=AU, ST=Some-State, L=London, O=Internet
Widgits Pty Ltd, CN=east
sending cert request for C=AU, ST=Some-State, L=London, O=Internet
Widgits Pty Ltd, CN=west
authentication of 'C=AU, ST=Some-State, L=London, O=Internet Widgits Pty
Ltd, CN=east' (myself) with RSA signature successful
sending end entity cert C=AU, ST=Some-State, L=London, O=Internet
Widgits Pty Ltd, CN=east
esalg: No test for authenc(hmac(sha1),cbc(aes))
(authenc(hmac(sha1-generic),cbc(aes-generic)))
tablishing CHILD_SA test
generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr
N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) ]
sending packet: from 10.224.2.101[4500] to 10.224.2.100[4500]
received packet: from 10.224.2.100[4500] to 10.224.2.101[4500]
parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT)
N(MOBIKE_SUP) N(ADD_4_ADDR) ]
received end entity cert C=AU, ST=Some-State, L=London, O=Internet
Widgits Pty Ltd, CN=west
using trusted certificate C=AU, ST=Some-State, L=London, O=Internet
Widgits Pty Ltd, CN=west
authentication of 'C=AU, ST=Some-State, L=London, O=Internet Widgits Pty
Ltd, CN=west' with RSA signature successful
scheduling reauthentication in 3351s
maximum IKE_SA lifetime 3531s
IKE_SA test[1] established between 10.224.2.101[C=AU, ST=Some-State,
L=London, O=Internet Widgits Pty Ltd, CN=east]...10.224.2.100[C=AU,
ST=Some-State, L=London, O=Internet Widgits Pty Ltd, CN=west]
Regards,
Dimitrios Siganos
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users