Thanks Andreas.
On Fri, Aug 5, 2016 at 2:29 PM, Andreas Steffen <
andreas.stef...@strongswan.org> wrote:
> Hi Lakshmi,
>
> yes, your understanding is correct. Since AES-GCM is an
> authenticated encryption algorithm, you don't need an
> additional integrity protection function. Thus
>
> Valid
Hi Lakshmi,
yes, your understanding is correct. Since AES-GCM is an
authenticated encryption algorithm, you don't need an
additional integrity protection function. Thus
Valid IKEv1 combo:
--
keyexchange=ikev1
ike=aes256-sha256-modp2048!
esp=aes256gcm128!
Valid IKEv2 combo:
Thank you for the reply Andreas.
Can you please validate my understanding?
Valid combo:
---
keyexchange=ikev1
ike=aes256-sha256-modp2048!
esp=aes256gcm128-sha256!
Invalid combo:
keyexchange=ikev1
ike=aes256gcm128-sha256-modp2048!
Hi Lakshmi,
The old IKEv1 protocol does not support AES-GCM for IKE since
IANA hasn't assigned any encryption transform numbers:
http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-4
AES-GCM can be used for IKE protection with IKEv2, only:
Hi Team,
I am trying to use AES-GCM with IKEV1 and see that strongswan does not send
the encryption algorithm.
Is there any plugin or knob to enable the same?
Logs:
received proposals: IKE:HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
configured