Hi Andreas, Is AES-GMAC a recent addition to StrongSwan? Is it supported in version 4.4.1? I searched for GMAC support earlier and found a post from you (back in 2009 I think) stating aes-gmac is not supported because the kernel does not support it and AH does not survive NAT-T.
Regards, Simon ----- Original Message ----- From: "Andreas Steffen" <[email protected]> To: "SaRaVanAn" <[email protected]> Cc: <[email protected]> Sent: Monday, May 28, 2012 7:54 AM Subject: Re: [strongSwan] [Strongswan] AH mode support in Strongswan for Ikev1 Hello, AH withouth ESP is not supported by strongSwan IKEv1 (which goes all the way back to FreeS/WAN). With auth=esp which is the default you opt for ESP encryption and ESP's optional authentication mode. With auth=ah you get ESP encryption withouth ESP's optional authentication mode but you get AH on top of ESP instead. If you don't want to encrypt your packets please use either ESP NULL encryption http://www.strongswan.org/uml/testresults/ikev1/esp-alg-null or AES-GMAC http://www.strongswan.org/uml/testresults/ikev1/esp-alg-aes-gmac Regards Andreas
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
