Hi,

> Ipsec v3 (RFCs 4301 and 4303)

The Linux kernel does not completely support the new IPsec standards. It currently does not support Extended Sequence Numbers or Traffic Selector ranges (only complete subnets).

> IKEv2
> OCSP (over http) for CRLs and CA management
> Automatic Keying
> Ike=aes128-sha2_256-modp2048

This is supported by strongSwan.

> Esp=aes128-sha2_256

The Linux kernel uses an incorrect truncation scheme for ESP packets with SHA256. You might try to use the patch available at [1] to use the correct 96-bit truncation.

> 1. Does strongswan support RHEL5.2 (x86_64 64 bit)?

It should. There was a bug in earlier RHELs, where querying SAs in the kernel immediately deletes them. I don't know if this is still correct for 5.2, but you'll see SAs disappearing when running "ipsec statusall".

> 2. Are there any known issues for this version of this OS for the
> IPsec params mentioned above?

As mentioned.

> 3. Where can I find rpms for RHEL5?

There are no official RPMs for RHEL. There is currently a discussion about spec files on this list; you might want to try one of these.

Regards
Martin

[1] http://kerneltrap.org/mailarchive/linux-kernel/2008/6/5/2039114
