Gupta, Deepak (Deepak) wrote: > > Martin, > > Many thanks for your reply! I appreciate it. > > Your answers are very helpful. To give you some context, we are in > an effort to support IPsec tunnels with RedHat RHEL 5.3 kernel > (2.6.18-128) (I misstyped before, it is not 5.2). And based on your > answers, it appears that strongswan meets our requirements more than > openswan (would you agree based on the requirements I had > mentioned?), however, is the kernel issue (sha256+esp) strongswan > specific? I would tend to think that this would be an issue for all > Ipsec solutions. > Yes, this is a general issue with the Linux 2.6 kernel. We offered a kernel patch more than a year ago which was unfortunately rejected by the kernel developers because they wanted backward compatibility with the old non-conforming 96-bit truncation.
> Regarding the bug for "ipsec statusall", I googled and saw an email > from Johannes that said that RHEL version 5.4 contains the fix for > this, however, it did not mention the RedHat bug number or the kernel > patch. However, Johannes' email from this morning suggests that this > fix went into 5.3 (2.6.18-164 or earlier). Is this issue Ipsec issue > or a strongswan issue? > This is an IPsec issue with the Linux 2.6 kernel. After some haggling RedHat recognized this and fixed the bug. BTW, if there is any info available on this > bug (redhat bug number etc.) or linux kernel patch, please let us > know so we can try to evaluate how best to apply it. I have done > some limited searching for this on RedHat's web site but did not find > this bug for either the 5.3 (2.6.18-128) or 5.4 kernels. > > Regards, > > -Deepak Best regards Andreas ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
