Re: [strongSwan] configured DH group CURVE_25519 not supported
Hi All, Thank you for your time and help. Based on your ideas / advices, I checked the SW deployment on the target and found that libstrongswan-curve25519.so was missing from /usr/lib/ipsec/plugins/ directory. So, I had a simple deployment (more precisely: bitbake recipe) error. After fixing the recipe, the target worked again. So the problem is solved. Thank you again. Best regards, Gyula
Re: [strongSwan] configured DH group CURVE_25519 not supported
Hi Eric, I tried both variants. First, without --disable-curve25519, which means that the plugin is enabled (https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf). After that, I added --disable-curve25519 to ./configure options. But both builds produced the same error message. Best regards, Gyula
[strongSwan] configured DH group CURVE_25519 not supported
Hi All, I've just updated strongSwan from 5.5.1 to 5.6.0. After the update, I got the "configured DH group CURVE_25519 not supported" error message. The target was working fine before the update, the configuration files were not changed during the update. I found some information on the internet, so I know that Curve25519 support was introduced in 5.5.2. I checked the build configuration options, and disabled the curve25519 support (--disable-curve25519), but it did not help. I have no idea what might cause the problem. Any help would be appreciated. Best regards, Gyula Kovacs I added the technical details here. Target system: - Linux 3.18.31 #1 PREEMPT Tue Aug 29 12:27:09 CEST 2017 armv7l GNU/Linux - OpenSSL 1.0.2l 25 May 2017 - strongSwan configuration options: --build=x86_64-linux --host=arm-oe-linux-gnueabi --target=arm-oe-linux-gnueabi --prefix=/usr --exec_prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/strongswan --datadir=/usr/share --sysconfdir=/etc --sharedstatedir=/com --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --oldincludedir=/usr/include --infodir=/usr/share/info --mandir=/usr/share/man --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot=/oe-core/build/tmp-glibc/sysroots/ --without-lib-prefix --without-systemdsystemunitdir --disable-aesni --enable-charon --enable-curl --disable-curve25519 --enable-gmp --disable-ldap --disable-mysql --enable-openssl --disable-scepclient --disable-soup --enable-sqlite --enable-stroke --disable-swanctl --disable-systemd Opponent: - Linux 3.16.0-4-586 #1 Debian 3.16.43-2 (2017-04-30) i686 GNU/Linux - OpenSSL 1.0.1t 3 May 2016 - strongSwan configuration options: ./configure --prefix=/usr --sysconfdir=/etc --disable-curve25519 Error message: root@mdm9640:~# ipsec up host-host-psk-lan initiating IKE_SA host-host-psk-lan[1] to 160.48.99.124 configured DH group CURVE_25519 not supported tried to checkin and delete nonexisting IKE_SA establishing connection 'host-host-psk-lan' failed root@mdm9640:~# root@mdm9640:~# ipsec statusall Status of IKE charon daemon (strongSwan 5.6.0, Linux 3.18.31, armv7l): uptime: 13 seconds, since Jan 01 00:01:30 1970 malloc: sbrk 540672, mmap 0, used 229400, free 311272 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0 loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gmp xcbc cmac hmac curl sqlite attr kernel-netlink resolve socket-default stroke vici updown xauth-generic Listening IP addresses: 160.48.99.98 160.48.199.98 Connections: host-host-psk-lan: 160.48.99.98...160.48.99.124 IKEv2 host-host-psk-lan: local: [160.48.99.98] uses pre-shared key authentication host-host-psk-lan: remote: [160.48.99.124] uses pre-shared key authentication host-host-psk-lan: child: dynamic === dynamic TRANSPORT Security Associations (0 up, 0 connecting): none root@mdm9640:~# Log files: root@mdm9640:~# cat /var/log/charon.log Jan 1 00:03:35 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, Linux 3.18.31, armv7l) Jan 1 00:03:35 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Jan 1 00:03:35 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Jan 1 00:03:35 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Jan 1 00:03:35 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Jan 1 00:03:35 00[CFG] loading crls from '/etc/ipsec.d/crls' Jan 1 00:03:35 00[CFG] loading secrets from '/etc/ipsec.secrets' Jan 1 00:03:35 00[CFG] loaded IKE secret for 160.48.99.124 Jan 1 00:03:35 00[CFG] loaded IKE secret for 160.48.199.124 Jan 1 00:03:35 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/ATM-02_IPsec-internal.key' Jan 1 00:03:35 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/ATM-02_IPsec-internal.key' Jan 1 00:03:35 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gmp xcbc cmac hmac curl sqlite attr kernel-netlink resolve socket-default stroke vici updown xauth-generic Jan 1 00:03:35 00[JOB] spawning 16 worker threads Jan 1 00:03:35 05[CFG] received stroke: add connection 'host-host-psk-lan' Jan 1 00:03:35 05[CFG] added configuration 'host-host-psk-lan' Jan 1 00:03:54 07[CFG] received stroke: initiate 'host-host-psk-lan' Jan 1 00:03:54 09[IKE]initiating IKE_SA host-host-psk-lan[1] to 160.48.99.124 Jan 1 00:03:54 09[IKE] configured DH group CURVE_25519 not supported Jan 1 00:03:54 09[MGR] tried to checkin and delete nonexisting IKE_SA Jan 1 00:04:02 00[DMN] signal of type SIGINT received. Shutting down root@mdm9640:~# Aug 30 10:12:51 mgu charon: 00[DMN] Starting IKE charon daemon (strongSwan
Re: [strongSwan] AH Transport AES CMAC PSK
Hi Andreas, I checked the loaded plugins and it contains cmac. Nonetheless, setting up the connection fails: root@atm:/etc/ipsec.d/examples# ipsec up host-host establishing CHILD_SA host-host generating CREATE_CHILD_SA request 0 [ N(USE_TRANSP) SA No TSi TSr ] sending packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (192 bytes) received packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (80 bytes) parsed CREATE_CHILD_SA response 0 [ N(NO_PROP) ] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built failed to establish CHILD_SA, keeping IKE_SA establishing connection 'host-host' failed root@atm:/etc/ipsec.d/examples# The log file is the same, what has been attached to my first mail. I have no idea. Best regards, Gyula root@atm:/etc/strongswan.d# ipsec listplugins List of loaded Plugins: charon: CUSTOM:libcharon NONCE_GEN CUSTOM:libcharon-sa-managers CUSTOM:libcharon-receiver CUSTOM:kernel-ipsec CUSTOM:kernel-net CUSTOM:libcharon-receiver HASHER:HASH_SHA1 RNG:RNG_STRONG CUSTOM:socket CUSTOM:libcharon-sa-managers HASHER:HASH_SHA1 RNG:RNG_WEAK aes: CRYPTER:AES_CBC-16 CRYPTER:AES_CBC-24 CRYPTER:AES_CBC-32 des: CRYPTER:3DES_CBC-24 CRYPTER:DES_CBC-8 CRYPTER:DES_ECB-8 rc2: CRYPTER:RC2_CBC-0 sha2: HASHER:HASH_SHA224 HASHER:HASH_SHA256 HASHER:HASH_SHA384 HASHER:HASH_SHA512 sha1: HASHER:HASH_SHA1 PRF:PRF_KEYED_SHA1 md5: HASHER:HASH_MD5 random: RNG:RNG_STRONG RNG:RNG_TRUE nonce: NONCE_GEN RNG:RNG_WEAK x509: CERT_ENCODE:X509 HASHER:HASH_SHA1 CERT_DECODE:X509 HASHER:HASH_SHA1 PUBKEY:ANY CERT_ENCODE:X509_AC CERT_DECODE:X509_AC CERT_ENCODE:X509_CRL CERT_DECODE:X509_CRL CERT_ENCODE:OCSP_REQUEST HASHER:HASH_SHA1 RNG:RNG_WEAK CERT_DECODE:OCSP_RESPONSE CERT_ENCODE:PKCS10_REQUEST CERT_DECODE:PKCS10_REQUEST revocation: CUSTOM:revocation CERT_ENCODE:OCSP_REQUEST (soft) CERT_DECODE:OCSP_RESPONSE (soft) CERT_DECODE:X509_CRL (soft) CERT_DECODE:X509 (soft) FETCHER:(null) (soft) constraints: CUSTOM:constraints CERT_DECODE:X509 (soft) pubkey: CERT_ENCODE:PUBKEY CERT_DECODE:PUBKEY PUBKEY:RSA (soft) PUBKEY:ECDSA (soft) PUBKEY:DSA (soft) pkcs1: PRIVKEY:ANY PRIVKEY:RSA (soft) PRIVKEY:ECDSA (soft) PRIVKEY:RSA PUBKEY:ANY PUBKEY:RSA (soft) PUBKEY:ECDSA (soft) PUBKEY:DSA (soft) PUBKEY:RSA pkcs7: CONTAINER_DECODE:PKCS7 CONTAINER_ENCODE:PKCS7_DATA CONTAINER_ENCODE:PKCS7_SIGNED_DATA CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA pkcs8: PRIVKEY:ANY PRIVKEY:RSA PRIVKEY:ECDSA pkcs12: CONTAINER_DECODE:PKCS12 CONTAINER_DECODE:PKCS7 CERT_DECODE:X509 (soft) PRIVKEY:ANY (soft) HASHER:HASH_SHA1 (soft) CRYPTER:3DES_CBC-24 (soft) CRYPTER:RC2_CBC-0 (soft) pgp: PRIVKEY:ANY PRIVKEY:RSA PUBKEY:ANY PUBKEY:RSA CERT_DECODE:PGP dnskey: PUBKEY:ANY PUBKEY:RSA sshkey: PUBKEY:ANY CERT_DECODE:PUBKEY pem: PRIVKEY:ANY PRIVKEY:ANY HASHER:HASH_MD5 (soft) PRIVKEY:RSA PRIVKEY:RSA HASHER:HASH_MD5 (soft) PRIVKEY:ECDSA PRIVKEY:ECDSA HASHER:HASH_MD5 (soft) PRIVKEY:DSA (not loaded) PRIVKEY:DSA HASHER:HASH_MD5 (soft) PRIVKEY:BLISS (not loaded) PRIVKEY:BLISS PUBKEY:ANY PUBKEY:ANY PUBKEY:RSA PUBKEY:RSA PUBKEY:ECDSA PUBKEY:ECDSA PUBKEY:DSA (not loaded) PUBKEY:DSA PUBKEY:BLISS CERT_DECODE:ANY CERT_DECODE:X509 (soft) CERT_DECODE:PGP (soft) CERT_DECODE:X509 CERT_DECODE:X509 CERT_DECODE:X509_CRL CERT_DECODE:X509_CRL CERT_DECODE:OCSP_REQUEST (not loaded) CERT_DECODE:OCSP_REQUEST CERT_DECODE:OCSP_RESPONSE CERT_DECODE:OCSP_RESPONSE CERT_DECODE:X509_AC CERT_DECODE:X509_AC CERT_DECODE:PKCS10_REQUEST CERT_DECODE:PKCS10_REQUEST CERT_DECODE:PUBKEY CERT_DECODE:PUBKEY CERT_DECODE:PGP CERT_DECODE:PGP CONTAINER_DECODE:PKCS12 CONTAINER_DECODE:PKCS12 openssl: CUSTOM:openssl-threading CRYPTER:AES_CBC-16 CRYPTER:AES_CBC-24 CRYPTER:AES_CBC-32 CRYPTER:CAMELLIA_CBC-16 CRYPTER:CAMELLIA_CBC-24 CRYPTER:CAMELLIA_CBC-32 CRYPTER:CAST_CBC-0 CRYPTER:BLOWFISH_CBC-0 CRYPTER:3DES_CBC-24 CRYPTER:DES_CBC-8 CRYPTER:DES_ECB-8 CRYPTER:NULL-0 HASHER:HASH_MD4 HASHER:HASH_MD5 HASHER:HASH_SHA1 HASHER:HASH_SHA224 HASHER:HASH_SHA256 HASHER:HASH_SHA384 HASHER:HASH_SHA512 PRF:PRF_KEYED_SHA1 PRF:PRF_HMAC_MD5 PRF:PRF_HMAC_SHA1 PRF:PRF_HMAC_SHA2_256 PRF:PRF_HMAC_SHA2_384 PRF:PRF_HMAC_SHA2_512
[strongSwan] AH Transport AES CMAC PSK
Hello, I tried to set up an ikev2/host2host-ah connectionwith pre-shared key. The connection failed, when choosing aescmac as integrity algorithm. The connection was successfully built up when choosing aesxcbc integrity algorithm. I tried this scenario on two Debian 8.6 VMs (kernel 3.16.0-4-586 with CONFIG_CRYPTO_CMAC=m option set) with the latest StrongSwan (v5.5.1). I checked the log files, and found "algorithm AES_CMAC_96 not supported by kernel!" message. Additionally, I found that AES-CMAC-96 is not supported by StrongSwan (https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards). From where comes this limitation? Does it come from StrongSwan implementation or from Linux kernel (as suggested by the error message)? Does anybody have ideas? Best regards, Gyula Kovacs # /etc/ipsec.conf - strongSwan IPsec configuration file config setup conn %default ikelifetime=25m keylife=10m rekeymargin=3m keyingtries=%forever keyexchange=ikev2 authby=secret conn host-host left=192.168.1.211 leftfirewall=yes right=192.168.1.212 type=transport # ah=aesxcbc! ah=aescmac auto=start closeaction=hold dpdaction=hold # /etc/ipsec.conf - strongSwan IPsec configuration file config setup conn %default ikelifetime=25m keylife=10m rekeymargin=3m keyingtries=%forever keyexchange=ikev2 authby=secret conn host-host left=192.168.1.212 leftfirewall=yes right=192.168.1.211 type=transport # ah=aesxcbc! ah=aescmac auto=start closeaction=hold dpdaction=hold Nov 27 11:11:08 mgu charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 3.16.0-4-586, i686) Nov 27 11:11:08 mgu charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Nov 27 11:11:08 mgu charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Nov 27 11:11:08 mgu charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Nov 27 11:11:08 mgu charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Nov 27 11:11:08 mgu charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' Nov 27 11:11:08 mgu charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' Nov 27 11:11:08 mgu charon: 00[CFG] loading secrets from '/var/lib/strongswan/ipsec.secrets.inc' Nov 27 11:11:08 mgu charon: 00[CFG] loading secrets from '/etc/ipsec.d/examples/ipsec.secrets.mgu' Nov 27 11:11:08 mgu charon: 00[CFG] loaded IKE secret for %any Nov 27 11:11:08 mgu charon: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc cmac hmac gcm curl sqlite attr kernel-netlink resolve socket-default stroke vici updown xauth-generic Nov 27 11:11:08 mgu charon: 00[JOB] spawning 16 worker threads Nov 27 11:11:08 mgu charon: 05[CFG] received stroke: add connection 'host-host' Nov 27 11:11:08 mgu charon: 05[CFG] added configuration 'host-host' Nov 27 11:11:08 mgu charon: 09[CFG] received stroke: initiate 'host-host' Nov 27 11:11:08 mgu charon: 09[IKE] initiating IKE_SA host-host[1] to 192.168.1.211 Nov 27 11:11:08 mgu charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Nov 27 11:11:08 mgu charon: 09[NET] sending packet: from 192.168.1.212[500] to 192.168.1.211[500] (1156 bytes) Nov 27 11:11:09 mgu charon: 15[NET] received packet: from 192.168.1.211[500] to 192.168.1.212[500] (592 bytes) Nov 27 11:11:09 mgu charon: 15[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ] Nov 27 11:11:09 mgu charon: 15[IKE] authentication of '192.168.1.212' (myself) with pre-shared key Nov 27 11:11:09 mgu charon: 15[IKE] establishing CHILD_SA host-host Nov 27 11:11:09 mgu charon: 15[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] Nov 27 11:11:09 mgu charon: 15[NET] sending packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (336 bytes) Nov 27 11:11:09 mgu charon: 11[NET] received packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (160 bytes) Nov 27 11:11:09 mgu charon: 11[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ] Nov 27 11:11:09 mgu charon: 11[IKE] authentication of '192.168.1.211' with pre-shared key successful Nov 27 11:11:09 mgu charon: 11[IKE] IKE_SA host-host[1] established between 192.168.1.212[192.168.1.212]...192.168.1.211[192.168.1.211] Nov 27 11:11:09 mgu charon: 11[IKE] scheduling reauthentication in 1300s Nov 27 11:11:09 mgu charon: 11[IKE] maximum IKE_SA lifetime 1480s Nov 27 11:11:09 mgu charon: 11[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built Nov 27
Re: [strongSwan] AH Transport AES-128 GMAC
Hi Tobias, Thank you very much for your help and detailed description. I checked the responder's daemon.log, and found the the same error messages you've mentioned. I think, our customer will accept this fact and will choose a different integrity algorithm or switch to ESP. Best regards, Gyula On 2016.11.10. 19:08, Tobias Brunner wrote: Hi Gyula, I'm running the test between two identical Debian 8.6 VMs. Both have the same version of strongSwan (v5.5.1), compiled withe the same switches. I was able to reproduce this in our testing environment. On the responder you should have seen the following messages: [CHD] no keylength defined for AES_128_GMAC [IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel These are caused because for AES-GMAC the key length is not explicitly encoded in the proposal, instead each length has its own identifier (compared to ESP with AES-GCM or NULL-AES-GMAC where there is only one identifier and the key length is transmitted). But when deriving keys we currently don't map these identifiers back to the required key length. Another issue is that the kernel-netlink plugin currently doesn't map these identifiers to algorithm names either, so the plugin isn't able to install the SAs after deriving the keys. However, as it turns out, the Linux kernel can't actually be configured to use AES-GMAC with AH, only with ESP. So what you want to do is currently not possible at all. If you are not dead set on using AH you could use esp=aes128gmac instead, to configure ESP with NULL encryption and AES-GMAC authentication. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] Is it possible to force re-keying?
Hi All, Our customer has some special requirements on the ipsec solution. One of them is to be able force re-keying in a host-host scenario. I searched the online documentation, but didn't find any information about it. Is it possible? Best regards, Gyula Kovacs ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] AH Transport AES-128 GMAC
Hi Tobias, I'm sorry, but my test environment description was not detailed enough. I'm running the test between two identical Debian 8.6 VMs. Both have the same version of strongSwan (v5.5.1), compiled withe the same switches. (./configure --prefix=/usr --sysconfdir=/etc --enable-openssl --enable-gmp --enable-charon --enable-stroke --enable-curl --enable-sqlite --enable-agent --enable-gcm) --- root@atm:/etc/ipsec.d/examples# ipsec version Linux strongSwan U5.5.1/K3.16.0-4-586 Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. root@atm:/etc/ipsec.d/examples# --- root@mgu:/etc/ipsec.d/examples# ipsec version Linux strongSwan U5.5.1/K3.16.0-4-586 Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. root@mgu:/etc/ipsec.d/examples# --- Best regards, Gyula On 2016.11.07. 09:54, Tobias Brunner wrote: Hi Gyula, Thank you for the idea, but I'm using version 5.5.1 (see below). I see. The other end might not, though. Regards, Tobias -- Gyula Kovács KKB-Tech +36 30 257 9319 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] AH Transport AES-128 GMAC
Hi Tobias, Thank you for the idea, but I'm using version 5.5.1 (see below). --- root@atm:~# ipsec version Linux strongSwan U5.5.1/K3.16.0-4-586 Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. root@atm:~# --- I compiled it on Debian 8.6 VM, after using the following configuration options: ./configure --prefix=/usr --sysconfdir=/etc --enable-openssl --enable-gmp --enable-charon --enable-stroke --enable-curl --enable-sqlite --enable-agent --enable-gcm Best regards, Gyula On 2016.11.07. 09:35, Tobias Brunner wrote: Hi Gyula, Anybody have an idea what could be wrong? That's due to a recently fixed bug that mapped the aes*gmac keywords incorrectly for AH proposals. You may either update to 5.5.1, which includes the fix, or try to apply the patch at [1] (won't apply cleanly to any older version as it is based on other changes). Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=a65a282f -- Gyula Kovács KKB-Tech +36 30 257 9319 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] AH Transport AES-128 GMAC
Hello, I'm trying to set up an ikev2/host2host-ah connection according to https://www.strongswan.org/testing/testresults/ikev2/host2host-ah/index.html page. The connection is successfully established when I'm using the aesxcbc integrity algorithm (as in the example). See ipsec_listalgs__2.txt, ipsec_status__2.txt and ipsec_up_host-host_transport_ah_aesxcbc__2.txt files. But, according to our customer's requirements, I have to use aes128gmac integrity algorithm. So I changed the "ah=aesxcbc" to "ah=aes128gmac" in the ipsec.conf file. The connection could not be established with the new setting (see ipsec_up_host-host_transport_ah_aes128gmac__2.txt file). My test environment (both hosts): - Debian 8.6 VM - StongSwan 5.5.1 (built as Debian has StrongSwan 5.2.1 by default) Anybody have an idea what could be wrong? Best regards, Gyula Kovacs root@atm:/etc/ipsec.d/examples# ipsec listalgs List of registered IKE algorithms: encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] RC2_CBC[rc2] CAMELLIA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] integrity: HMAC_MD5_96[openssl] HMAC_MD5_128[openssl] HMAC_SHA1_96[openssl] HMAC_SHA1_128[openssl] HMAC_SHA1_160[openssl] HMAC_SHA2_256_128[openssl] HMAC_SHA2_256_256[openssl] HMAC_SHA2_384_192[openssl] HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_256[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[xcbc] AES_XCBC_96[xcbc] AES_CMAC_96[cmac] aead: AES_GCM_16[openssl] AES_GCM_12[openssl] AES_GCM_8[openssl] hasher: HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5] HASH_MD4[openssl] prf:PRF_KEYED_SHA1[sha1] PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_HMAC_SHA2_256[openssl] PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc] PRF_CAMELLIA128_XCBC[xcbc] PRF_AES128_CMAC[cmac] xof: dh-group: ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] ECP_256_BP[openssl] ECP_384_BP[openssl] ECP_512_BP[openssl] ECP_224_BP[openssl] MODP_3072[openssl] MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl] MODP_CUSTOM[openssl] random-gen: RNG_WEAK[openssl] RNG_STRONG[random] RNG_TRUE[random] nonce-gen: [nonce] root@atm:/etc/ipsec.d/examples# root@atm:/etc/ipsec.d/examples# ipsec status Security Associations (1 up, 0 connecting): host-host[1]: ESTABLISHED 91 seconds ago, 192.168.1.211[!DELETED-BECAUSE-OF-CONFIDENTIALITY!]...192.168.1.212[!DELETED-BECAUSE-OF-CONFIDENTIALITY!] host-host{1}: INSTALLED, TRANSPORT, reqid 1, AH SPIs: c621bb4b_i c47a8f2e_o host-host{1}: 192.168.1.211/32 === 192.168.1.212/32 root@atm:/etc/ipsec.d/examples# root@atm:/etc/ipsec.d/examples# ipsec up host-host initiating IKE_SA host-host[1] to 192.168.1.212 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] sending packet: from 192.168.1.211[500] to 192.168.1.212[500] (1156 bytes) received packet: from 192.168.1.212[500] to 192.168.1.211[500] (657 bytes) parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ] received cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!" received cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!" received cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!" sending cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!" sending cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!" sending cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!" authentication of '!DELETED-BECAUSE-OF-CONFIDENTIALITY!' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful sending end entity cert "!DELETED-BECAUSE-OF-CONFIDENTIALITY!" establishing CHILD_SA host-host generating IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] splitting IKE message with length of 1920 bytes into 2 fragments generating IKE_AUTH request 1 [ EF(1/2) ] generating IKE_AUTH request 1 [ EF(2/2) ] sending packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (1236 bytes) sending packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (756 bytes) received packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (1236 bytes) parsed IKE_AUTH response 1 [ EF(1/2) ] received fragment #1 of 2, waiting for complete IKE message received packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (548 bytes) parsed IKE_AUTH response 1 [ EF(2/2) ] received fragment #2 of 2, reassembling fragmented IKE message parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ] received end