Hi Mohit, why would you want to negotiate SHA256_96 with a newer kernel if the standard is SHA256_128 and can simply be configured with
esp=aes128-sha256-modp2048! IKE never supported SHA256_96, so your configuration is not valid. Thus better use ike=aes128-sha256-modp2048! Regards Andreas On 15.12.2012 18:32, Mohit Sharma wrote:
hi , I have strongswan stack setup with the following hosts host a left=10.10.10.2 right=50.50.50.2 ike=aes128-sha256_96-modp2048! esp=aes128-sha256_96-modp2048! host b left=50.50.50.2 right=10.10.10.2 ike=aes128-sha256_96-modp2048! esp=aes128-sha256_96-modp2048! But there is a problem in phase 1 proposal selection,i have a linux kernel version newer than 2.6.33,but still both host cant negotiate on sha256_96 ,please tell me if iam configuring it correctly,seconldy if its correct to use sha256_96 with linux versions later than 2.6.33 plus how to negotiate on sha256_96 on the same kernels. -- Best Regards Mohit
====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
