Hi Tobias,

Thanks for putting me on the right track. I've enabled CONFIG_GCM, CONFIG_SHA256 in the Android kernel and flashed the handset. I noticed that GCM is configured as a module in my Ubuntu server so I did a modprobe on it just to make sure it was loaded. Still not connecting tho.

charon.log shows:

no acceptable ENCRYPTION_ALGORITHM found
Jan 12 12:11:24 14[CFG] received proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jan 12 12:11:24 14[CFG] configured proposals: ESP:AES_GCM_16_128/NO_EXT_SEQ
Jan 12 12:11:24 14[IKE] no acceptable proposal found

Any thoughts?

Regards,
Bill

Hi Bill,

> I want to use the gcm block cypher. (esp=aes128cgm16!)
> I added gcm to the Android.mk in the strongswan_CHARON_PLUGINS list and
> also added it to the Android.mk in src/libstrongswan.

The gcm plugin you activated with the above is for strongSwan internal use with the key exchange protocol IKEv2 and not on the IPsec level with ESP, which is what you want to enable with the esp= option. Since ESP is handled by the Linux kernel you have to build your own kernel with CRYPTO_GCM enabled in the options. So if you don't want to actually use AES-GCM with IKEv2 itself you don't have to do anything special when building strongSwan.

> The server was configured using --enable-gcm option and an ipsec listall
> seems to confirm that the server supports it.

Same applies here, --enable-gcm only enables GCM for IKEv2. Depending on the Linux distribution you use, GCM may already be enabled in the default kernel.

Regards,
Tobias
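Added example, not part of the original thread and not strongSwan code: a small parser for the "received proposals" / "configured proposals" lines quoted above that reports which transform type has no algorithm in common. The classify() naming heuristic and the ", " separator between multiple proposals are assumptions made for this sketch.

```python
import re

# Constructed sample: the two proposal lines from the charon.log excerpt above.
LOG = """\
Jan 12 12:11:24 14[CFG] received proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jan 12 12:11:24 14[CFG] configured proposals: ESP:AES_GCM_16_128/NO_EXT_SEQ
"""

LINE = re.compile(r"\[CFG\] (received|configured) proposals: (.+)$")
KINDS = ("encr", "integ", "esn", "dh")

def classify(token):
    """Assumed heuristic on the logged names, not strongSwan's transform tables."""
    if token in ("EXT_SEQ", "NO_EXT_SEQ"):
        return "esn"
    if token.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "integ"
    if token.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    return "encr"

def parse(log):
    """Return {'received': [...], 'configured': [...]}, one dict per proposal."""
    out = {"received": [], "configured": []}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        for prop in m.group(2).split(", "):  # assumed proposal separator
            proto, _, algs = prop.strip().partition(":")
            groups = {"protocol": proto, **{k: set() for k in KINDS}}
            for tok in algs.split("/"):
                groups[classify(tok)].add(tok)
            out[m.group(1)].append(groups)
    return out

def mismatches(log):
    """For each received/configured pair, list transform types with no overlap."""
    p = parse(log)
    report = []
    for r in p["received"]:
        for c in p["configured"]:
            if r["protocol"] != c["protocol"]:
                continue
            # An AEAD cipher such as GCM lists no separate integrity algorithm,
            # so a transform type that is empty on one side is skipped.
            bad = [k for k in KINDS if r[k] and c[k] and not (r[k] & c[k])]
            report.append((c["protocol"], bad))
    return report

if __name__ == "__main__":
    print(mismatches(LOG))
```

On the excerpt above it reports the encryption transform as the only mismatch: the peer offered CBC ciphers only, while the configured proposal accepts AES_GCM_16_128 only.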
