Discussion:
[strongSwan-dev] PSEUDO_RANDOM_FUNCTION PRF_AES128_XCBC not supported!
siddesh r
2016-05-30 08:51:30 UTC
Permalink
Hi

I using below transform set for ikev2
conn net-net
left=192.168.2.1
leftauth=psk
leftsubnet=22.1.0.0/16
leftid=192.168.2.1
leftfirewall=no
right=192.168.2.2
rightauth=psk
rightsubnet=22.2.0.0/16
rightid=192.168.2.2
ike=aes128-aesxcbc-modp2048!
auto=add


And getting the below error, could any one let me know whether there is
anything wrong in the configuration


May 30 14:16:17 bgl-mitg-sim481 charon: 02[IKE] initiating IKE_SA
net-net[2] to 192.168.2.2
May 30 14:16:17 bgl-mitg-sim481 charon: 02[ENC] generating IKE_SA_INIT
request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 30 14:16:17 bgl-mitg-sim481 charon: 02[NET] sending packet: from
192.168.2.1[500] to 192.168.2.2[500]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[NET] received packet: from
192.168.2.2[500] to 192.168.2.1[500]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[ENC] parsed IKE_SA_INIT response
0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] PSEUDO_RANDOM_FUNCTION
PRF_AES128_XCBC not supported!
May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] key derivation failed.

Thanks in advance,
Siddesh
Andreas Steffen
2016-05-30 10:00:15 UTC
Permalink
Hi Siddesh,

check with the ipsec statusall command if the xcbc plugin
is loaded which is required for AES-XCBC support.

Regards

Andreas
Post by siddesh r
Hi
I using below transform set for ikev2
conn net-net
left=192.168.2.1
leftauth=psk
leftsubnet=22.1.0.0/16 <http://22.1.0.0/16>
leftid=192.168.2.1
leftfirewall=no
right=192.168.2.2
rightauth=psk
rightsubnet=22.2.0.0/16 <http://22.2.0.0/16>
rightid=192.168.2.2
ike=aes128-aesxcbc-modp2048!
auto=add
And getting the below error, could any one let me know whether there is
anything wrong in the configuration
May 30 14:16:17 bgl-mitg-sim481 charon: 02[IKE] initiating IKE_SA
net-net[2] to 192.168.2.2
May 30 14:16:17 bgl-mitg-sim481 charon: 02[ENC] generating IKE_SA_INIT
request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 30 14:16:17 bgl-mitg-sim481 charon: 02[NET] sending packet: from
192.168.2.1[500] to 192.168.2.2[500]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[NET] received packet: from
192.168.2.2[500] to 192.168.2.1[500]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[ENC] parsed IKE_SA_INIT
response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] PSEUDO_RANDOM_FUNCTION
PRF_AES128_XCBC not supported!
May 30 14:16:17 bgl-mitg-sim481 charon: 10[IKE] key derivation failed.
Thanks in advance,
Siddesh
_______________________________________________
Dev mailing list
https://lists.strongswan.org/mailman/listinfo/dev
--
======================================================================
Andreas Steffen ***@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
Loading...