Hi Sandeep, Are you by any chance using intel_aesni klm (check /proc/crypto) ? If so, aesgcm256 is not supported until kernel 4.1.
Otherwise you can check the logs to see for any errors. Related to GCM256 - https://wiki.strongswan.org/issues/341 Thanks Kapil On 22-Jun-2016 7:12 AM, "sandeep dubey" <[email protected]> wrote: > Hi Andreas, > > Thanks for the reply, I tried but it didn't worked for me. > > my config - > > conn support-node > authby=secret > auto=start > type=tunnel > left=172.19.17.23 > leftid=5.6.7.8 > leftsubnet=172.19.0.0/16 > leftauth=psk > right=1.2.3.4 > rightsubnet=10.10.0.0/16 > rightauth=psk > ike=aes256gcm12-modp1536 > esp=aes256gcm12-modp1536 > > On Tue, Jun 21, 2016 at 6:53 PM, Andreas Steffen < > [email protected]> wrote: > >> Hi Sandeep, >> >> since AES-GCM is an authenticated encryption algorithm >> no hash algorithm is needed in the esp statement: >> >> esp=aes256gcm12-modp1536 >> >> Regards >> >> Andreas >> >> >> On 21.06.2016 16:27, sandeep dubey wrote: >> >>> Hi, s >>> >>> I am new to strongswan world and have successfully setup a tunnel >>> between two AWS's VPC, But i have to make some changes in config to >>> comply with security requirement which is not working even after >>> multiple tries. I went through old bug for intel-eni which was fixed but >>> couldn't find any way to check and confirm if i have that fix or not. >>> >>> Bug ref. - http://wiki.strongswan.org/issues/341 >>> Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2 >>> >>> The only difference in my working config and not working config is as >>> below - >>> >>> Working with - >>> ike=aes128-sha1-modp1024 >>> esp=aes128-sha1-modp1024 >>> >>> Not working with - >>> ike=aes256gcm12-sha256-modp1536 >>> esp=aes256gcm12-sha256-modp1536 >>> >>> >>> I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic >>> #129-Ubuntu SMP. >>> >>> Can someone help me ? >>> >>> -- >>> Regards, >>> Sandeep >>> >> >> ====================================================================== >> Andreas Steffen [email protected] >> strongSwan - the Open Source VPN Solution! www.strongswan.org >> Institute for Internet Technologies and Applications >> University of Applied Sciences Rapperswil >> CH-8640 Rapperswil (Switzerland) >> ===========================================================[ITA-HSR]== >> >> > > > -- > Regards, > Sandeep > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
