Hello Robert, in ipsec.conf currently the IKEv2 PRF cannot be configured independently of the IKEv2 integrity method.
ike=aes128-aesxcbc-modp2048! configures both. Regards Andreas On 10/16/2012 07:43 AM, Robert Lee wrote: > Hi, > > How can I specify AES128-XCBC as the Pseudo Random Function in ipsec.conf? > > In the testing folder under > ~/strongswan-5.0.1/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat, I > see the following two lines from moon and carol: > moon:: ipsec statusall 2> /dev/null::rw.*IKE > proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES > carol::ipsec statusall 2> /dev/null::home.*IKE > proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES > > Looks like they are using PRF_AES128_XCBC already. But in the > corresponding moon's or carol's ipsec.conf, I only see > ike=aes128-aesxcbc-modp2048! > esp=aes128-aesxcbc-modp2048! > > So how can I make strongswan use AES128-XCBC as the designated PRF? Thank you! > > Robert ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
