[Openswan Users] sha2_512 centos
Andrei Muresanu
andrei.muresanu at gmail.com
Tue Jun 10 02:38:46 EDT 2014
nobody has any idea if openswan on centos 6.5 (epel) supports sha2_512 ?
On Fri, May 30, 2014 at 5:10 PM, Andrei Muresanu <andrei.muresanu at gmail.com>
wrote:
> Hi all,
>
> I am trying to establish a vpn tunnel with
>
> ike=aes256-sha2_512;modp1536
>
> but am getting:
>
> | proposal 1 succeeded encr= (policy:aes-cbc vs offered:aes-cbc)
> | failed integ=(policy:auth-none vs
> offered:AUTH_HMAC_SHA2_512_256)
> | failed prf= (policy:(null) vs offered:prf-hmac-sha2-512)
> | succeeded dh= (policy:OAKLEY_GROUP_MODP1536 vs
> offered:OAKLEY_GROUP_MODP1536)
>
> if i try with
>
> ike=aes256-sha2_256;modp1536
>
> failed integ & failed prf fail "successfully" (they show up correctly in
> the log but check fails due to them being different from sha2_512 which is
> requested by other gateway)
>
> would work with sha2_384 (accepted by other gateway) but ipsec auto
> --status does not list it and if i try pluto segfaults with
> "oakley_alg_makedb() ike hash halg=5 not present" (sha2_384 would be halg
> id 5 i guess)
>
> any ideas ????
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20140610/887dc655/attachment.html>
More information about the Users
mailing list