Hi Andreas,
Thanks for your inputs.
I did some testing with leftfirewall, iptables rules and understood the
behavior.
Regards,
Sarat
On Fri, Aug 5, 2016 at 12:31 AM, Andreas Steffen <
andreas.stef...@strongswan.org> wrote:
> Hi Sarat,
>
> leftfirewall=yes installs and removes dynamic IPsec
With the below steps I don't see any performance improvements in ipsec in a
multicore HW. Is there anything I am missing?
Thanks
Kapil
On 04-Aug-2016 5:37 PM, "Kapil Adhikesavalu" wrote:
Hello,
I am getting the following errors while trying pcrypt. From the wiki page,
i
Hi Codrut,
no strongSwan does not support the ESP authentication algorithm
HMAC-RIPEMD-160-96.
Regards
Andreas
On 05.08.2016 13:41, Codrut Grosu wrote:
> Hi,
>
>
> Is the next algorithm supported by strongSwan : MAC-RIPMED-160-96
> [RFC2857] ?
>
>
> The name is from wireshark ESP
Hi,
Is the next algorithm supported by strongSwan : MAC-RIPMED-160-96 [RFC2857] ?
The name is from wireshark ESP decryption table.
Cheers,
Codrut.
___
Users mailing list
Users@lists.strongswan.org
Hi,
We recently experienced that an IKEv2-negotiated ESP site-to-site
tunnel between strongSwan 5.3.5 running on Ubuntu 16.04 and a Fortinet
FortiGate router broke following the re-auth of the IKE_SA. Just one
out of six ESP CHILD_SAs broke.
I've uploaded config files, charon logs, and other
Thanks Andreas.
On Fri, Aug 5, 2016 at 2:29 PM, Andreas Steffen <
andreas.stef...@strongswan.org> wrote:
> Hi Lakshmi,
>
> yes, your understanding is correct. Since AES-GCM is an
> authenticated encryption algorithm, you don't need an
> additional integrity protection function. Thus
>
> Valid
Hi Lakshmi,
yes, your understanding is correct. Since AES-GCM is an
authenticated encryption algorithm, you don't need an
additional integrity protection function. Thus
Valid IKEv1 combo:
--
keyexchange=ikev1
ike=aes256-sha256-modp2048!
esp=aes256gcm128!
Valid IKEv2 combo:
Thank you for the reply Andreas.
Can you please validate my understanding?
Valid combo:
---
keyexchange=ikev1
ike=aes256-sha256-modp2048!
esp=aes256gcm128-sha256!
Invalid combo:
keyexchange=ikev1
ike=aes256gcm128-sha256-modp2048!
Hi Lakshmi,
The old IKEv1 protocol does not support AES-GCM for IKE since
IANA hasn't assigned any encryption transform numbers:
http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-4
AES-GCM can be used for IKE protection with IKEv2, only:
Hi Team,
I am trying to use AES-GCM with IKEV1 and see that strongswan does not send
the encryption algorithm.
Is there any plugin or knob to enable the same?
Logs:
received proposals: IKE:HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
configured
10 matches
Mail list logo