Hi,
I'm a newbie to StrongSwan. I often see the following configuration example:
ike=aes256gcm16-aesxcbc-modp2048!
esp=aes256gcm16-modp2048!
as seen in
http://www.strongswan.org/uml/testresults/ikev2/alg-aes-gcm/moon.ipsec.conf,
for example.
In my understanding aes256gcm16 can do both encryption and integrity checking
and that's why specifying "aes256gcm16-modp2048!" for esp suffices in
"encryption-integrity-dhgroup" part. What I don't understand is why we need
"aesxcbc" for "ike" in conjunction with "aes256gcm16"? Does this mean that
aes256gcm16 can't be used for integrity checking for phase 1?
Regards,
---
Motonori Shindo
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
