On Thu, 1 Aug 2024, Vinayak Telkar via Swan wrote:
> I was exploring the usage of AH_AES_128_GMAC, AH_AES_192_GMAC and
> AH_AES_256_GMAC in ipsec.conf on RHEL (Red Hat Enterprise Linux
> release 9.4).

It should be:

    phase2=ah
    ah=aes_gmac

but testing shows this did not work. I think we forgot to add these to
AH and only added them to ESP. You can use ESP_NULL to sort of get the
same as AH using:

    phase2=esp
    esp=null_auth_aes_gmac

We will work on a patch. Although in general, you should move away from
AH to ESP_NULL - especially if NATs might appear in the middle.

Paul