Hi Tobias,

No patches were applied to strongSwan 5.5.3. From the configuration options
the option --enable-kernel-pfkey is used, which means I assume both
netlink (by default) and pfkey are used. Is there a way to check this during
runtime?

How to go about from here if pfkey is used to support the
AUTH_HMAC_SHA2_256_96 algorithm?

Thanks,
Obi

On Wed, Oct 27, 2021 at 10:10 AM Tobias Brunner <tob...@strongswan.org>
wrote:

> Hi Obi,
>
> > The environment is strongSwan version 5.5.3, Linux kernel 4.1.52.
>
> Were there any patches applied?  Are you sure you're using the
> kernel-netlink and not the kernel-pfkey plugin?  Because since 4.3.6
> there is a static mapping in the kernel-netlink plugin from
> AUTH_HMAC_SHA2_256_96 to "sha256" (instead of "hmac(sha256)").  So with
> any version newer than that, there should never be this message:
>
> > algorithm HMAC_SHA2_256_96 not supported by kernel!
>
> Unless the integrity_algs array was deliberately modified or you are not
> using the kernel-netlink plugin.
>
> Regards,
> Tobias
>
