[Bug 215946] IPsec AH hmac-sha2 does not work with Linux
bugzilla-noreply at freebsd.org
Tue Jan 10 18:35:08 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215946
Bug ID: 215946
Summary: IPsec AH hmac-sha2 does not work with Linux
Product: Base System
Version: 11.0-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: jasonmader at gmail.com
CC: freebsd-amd64 at FreeBSD.org
IPsec AH doesn't appear to work with Linux when using the SHA2 hmac.
On the FreeBSD side,

    add -n SRC DST ah 5000 -m transport -A hmac-sha2-384 0x96HEXKEY;

never works with the Linux,

    ip xfrm state add src SRC dst DST proto ah spi 5000 auth-trunc "hmac(sha384)" 0x96HEXKEY 192 mode transport

I've tried a variety of truncation lengths (96, 128, 192) and hmac-sha2-256, but
none worked. However, by changing to "-A hmac-sha1 0x40HEXKEY", which has a
default 96-bit truncation, AH worked between the two hosts.