Hi Sandeep, since AES-GCM is an authenticated encryption algorithm no hash algorithm is needed in the esp statement:
esp=aes256gcm12-modp1536 Regards Andreas On 21.06.2016 16:27, sandeep dubey wrote:
Hi, s I am new to strongswan world and have successfully setup a tunnel between two AWS's VPC, But i have to make some changes in config to comply with security requirement which is not working even after multiple tries. I went through old bug for intel-eni which was fixed but couldn't find any way to check and confirm if i have that fix or not. Bug ref. - http://wiki.strongswan.org/issues/341 Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2 The only difference in my working config and not working config is as below - Working with - ike=aes128-sha1-modp1024 esp=aes128-sha1-modp1024 Not working with - ike=aes256gcm12-sha256-modp1536 esp=aes256gcm12-sha256-modp1536 I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic #129-Ubuntu SMP. Can someone help me ? -- Regards, Sandeep
====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
