Date: Tue, 10 Jan 2017 18:35:08 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-amd64@FreeBSD.org Subject: [Bug 215946] IPsec AH hmac-sha2 does not work with Linux Message-ID: <bug-215946-6@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215946 Bug ID: 215946 Summary: IPsec AH hmac-sha2 does not work with Linux Product: Base System Version: 11.0-RELEASE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: jasonmader@gmail.com CC: freebsd-amd64@FreeBSD.org CC: freebsd-amd64@FreeBSD.org IPsec AH doesn't appear to work with Linux when using the SHA2 hmac. On the FreeBSD side, add -n SRC DST ah 5000 -m transport -A hmac-sha2-384 0x96HEXKEY; never works with the Linux, ip xfrm state add src SRC dst DST proto ah spi 5000 auth-trunc "hmac(sha384= )" 0x96HEXKEY 192 mode transport I've tried a variety of truncation lengths (96, 128, 192) and hmac-sha2-256= but none worked. However by changing to "-A hmac-sha1 0x40HEXKEY" which has a default 96 bit truncation, AH worked between the two hosts. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215946-6>