Thanks Kapil for quick reply. I grep for 'intel_aesni' at /proc/crypto and found below -
module : aesni_intel driver : crc32c-intel It seems that our EC2 instance is on that kernel. On Wed, Jun 22, 2016 at 8:42 AM, Kapil Adhikesavalu <[email protected]> wrote: > Hi Sandeep, > > Are you by any chance using intel_aesni klm (check /proc/crypto) ? If so, > aesgcm256 is not supported until kernel 4.1. > > Otherwise you can check the logs to see for any errors. > > Related to GCM256 - https://wiki.strongswan.org/issues/341 > > Thanks > Kapil > On 22-Jun-2016 7:12 AM, "sandeep dubey" <[email protected]> wrote: > >> Hi Andreas, >> >> Thanks for the reply, I tried but it didn't worked for me. >> >> my config - >> >> conn support-node >> authby=secret >> auto=start >> type=tunnel >> left=172.19.17.23 >> leftid=5.6.7.8 >> leftsubnet=172.19.0.0/16 >> leftauth=psk >> right=1.2.3.4 >> rightsubnet=10.10.0.0/16 >> rightauth=psk >> ike=aes256gcm12-modp1536 >> esp=aes256gcm12-modp1536 >> >> On Tue, Jun 21, 2016 at 6:53 PM, Andreas Steffen < >> [email protected]> wrote: >> >>> Hi Sandeep, >>> >>> since AES-GCM is an authenticated encryption algorithm >>> no hash algorithm is needed in the esp statement: >>> >>> esp=aes256gcm12-modp1536 >>> >>> Regards >>> >>> Andreas >>> >>> >>> On 21.06.2016 16:27, sandeep dubey wrote: >>> >>>> Hi, s >>>> >>>> I am new to strongswan world and have successfully setup a tunnel >>>> between two AWS's VPC, But i have to make some changes in config to >>>> comply with security requirement which is not working even after >>>> multiple tries. I went through old bug for intel-eni which was fixed but >>>> couldn't find any way to check and confirm if i have that fix or not. >>>> >>>> Bug ref. - http://wiki.strongswan.org/issues/341 >>>> Fix ref. - https://marc.info/?l=linux-crypto-vger&m=139388786131685&w=2 >>>> >>>> The only difference in my working config and not working config is as >>>> below - >>>> >>>> Working with - >>>> ike=aes128-sha1-modp1024 >>>> esp=aes128-sha1-modp1024 >>>> >>>> Not working with - >>>> ike=aes256gcm12-sha256-modp1536 >>>> esp=aes256gcm12-sha256-modp1536 >>>> >>>> >>>> I am using ikev2 on EC2 instance with kernel 3.13.0-85-generic >>>> #129-Ubuntu SMP. >>>> >>>> Can someone help me ? >>>> >>>> -- >>>> Regards, >>>> Sandeep >>>> >>> >>> ====================================================================== >>> Andreas Steffen [email protected] >>> strongSwan - the Open Source VPN Solution! www.strongswan.org >>> Institute for Internet Technologies and Applications >>> University of Applied Sciences Rapperswil >>> CH-8640 Rapperswil (Switzerland) >>> ===========================================================[ITA-HSR]== >>> >>> >> >> >> -- >> Regards, >> Sandeep >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users >> > -- Regards, Sandeep
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
