[Openswan Users] sha2_512 centos
_pheinrich_
pascalheinrich.de at googlemail.com
Wed Jun 25 11:42:43 EDT 2014
Andrei Muresanu <andrei.muresanu <at> gmail.com> writes:
>
>
> nobody has any idea if openswan on centos 6.5 (epel) supports
sha2_512 ?
>
> On Fri, May 30, 2014 at 5:10 PM, Andrei Muresanu
<andrei.muresanu <at> gmail.com> wrote:
> Hi all,
> I am trying to establish a vpn tunnel with
>
> ike=aes256-sha2_512;modp1536
>
> but am getting:
>
>
> | proposal 1 succeeded encr= (policy:aes-cbc vs offered:aes-
cbc)
> | failed integ=(policy:auth-none vs
offered:AUTH_HMAC_SHA2_512_256)
> | failed prf= (policy:(null) vs offered:prf-hmac-
sha2-512)
> | succeeded dh= (policy:OAKLEY_GROUP_MODP1536 vs
offered:OAKLEY_GROUP_MODP1536)
>
>
>
> if i try with
>
> ike=aes256-sha2_256;modp1536
>
>
> failed integ & failed prf fail "successfully" (they show up
correctly in the log but check fails due to them being different
from sha2_512 which is requested by other gateway)
>
>
> would work with sha2_384 (accepted by other gateway) but ipsec
auto --status does not list it and if i try pluto segfaults with
"oakley_alg_makedb() ike hash halg=5 not present" (sha2_384 would
be halg id 5 i guess)
>
>
> any ideas ????
>
>
>
>
>
>
>
>
> _______________________________________________
> Users <at> lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-
made-easy
> Building and Integrating Virtual Private Networks with
Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-
2946327?n=283155
>
same problem here on debian wheezy.
Arch linux works great.
More information about the Users
mailing list