[Openswan Users] Openswan Support for AES GCM 256

Jacob Edwards jme147 at msstate.edu
Fri Aug 19 00:09:22 EDT 2011


I have installed and setup Openswan 2.6.33 on two Fedora virtual machines. I
have successfully created a connection, used ping, and tcpdump to see the
IPsec packets being exchanged between machines. My project specs call for
AES GCM 256 to be used for the encryption algorithm. I have used

#ipsec auto --status
and the machine supports AES_GCM_A , AES_GCM_B, AES_GCM_C with a
minkeysize=128 and maxkeysize=256

My current conn section includes: (and works successfully)

phase2alg=aes_gcm_a-160-null

But after searching manpages and google searches, I can't figure out what
these phase2alg parameters actually mean. What is the 160? And the null?
parameters.
With my current configuration of phase2alg=aes_gcm_a-160-null, am I using
AES GCM 256?

I also want to compare IKEv1 and IKEv2 with Openswan for my project. How can
I use IKEv2 with Openswan?

Any help is greatly appreciated. Thanks.

-- 
Jacob Edwards
Graduate Research Assistant
MSU Department of Electrical and Computer Engineering
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110818/b5d633d9/attachment.html 


More information about the Users mailing list