Hi Andreas, Is there any support if strongswan can provide to explicitly mention IKE integrity and PRF , in future ?
Below is what from earlier discussion, but not concluded. http://thread.gmane.org/gmane.network.vpn.strongswan.user/2240 Will there be similar support to mention in ESP cipher suites as well ? Thanks, Gowri Shankar On Tuesday 16 October 2012 11:21 AM, Andreas Steffen wrote: > Hello Robert, > > in ipsec.conf currently the IKEv2 PRF cannot be configured > independently of the IKEv2 integrity method. > > ike=aes128-aesxcbc-modp2048! > > configures both. > > Regards > > Andreas > > On 10/16/2012 07:43 AM, Robert Lee wrote: >> Hi, >> >> How can I specify AES128-XCBC as the Pseudo Random Function in ipsec.conf? >> >> In the testing folder under >> ~/strongswan-5.0.1/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat, I >> see the following two lines from moon and carol: >> moon:: ipsec statusall 2> /dev/null::rw.*IKE >> proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES >> carol::ipsec statusall 2> /dev/null::home.*IKE >> proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES >> >> Looks like they are using PRF_AES128_XCBC already. But in the >> corresponding moon's or carol's ipsec.conf, I only see >> ike=aes128-aesxcbc-modp2048! >> esp=aes128-aesxcbc-modp2048! >> >> So how can I make strongswan use AES128-XCBC as the designated PRF? Thank >> you! >> >> Robert > > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Linux VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
