Hi Gyula,

the Linux kernel does not support AES_CMAC but strongSwan has IKE support via the cmac plugin which is enabled by default.

Regards

Andreas

On 27.11.2016 14:46, Gyula Kovács wrote:
> Hello,
>
> I tried to set up an ikev2/host2host-ah connection with pre-shared key.
> The connection failed, when choosing aescmac as integrity algorithm.
> The connection was successfully built up when choosing aesxcbc integrity
> algorithm.
> I tried this scenario on two Debian 8.6 VMs (kernel 3.16.0-4-586 with
> CONFIG_CRYPTO_CMAC=m option set) with the latest StrongSwan (v5.5.1).
> I checked the log files, and found "algorithm AES_CMAC_96 not supported
> by kernel!" message.
> Additionally, I found that AES-CMAC-96 is not supported by StrongSwan
> (https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards).
>
> From where comes this limitation?
> Does it come from StrongSwan implementation or from Linux kernel (as
> suggested by the error message)?
> Does anybody have ideas?
>
> Best regards,
> Gyula Kovacs

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users