jewelthief 03-22-2013 01:08 PM

Openswan does not connect when using sha256 (RHEL 6.2)
I am trying to connect openswan 2.6.16 on two RHEL 6.2 (kernel 2.6.32-220) virtual machines (gateway1 and gateway2) using IKEv2. It all works well and makes a tunnel with the ESP authentication algorithms md5 and sha1, but when I pass sha2_256 in the ipsec.conf file, i.e. "phase2alg=aes256-sha2_256", pluto tells me (in /var/log/secure) that it has sent the I2 message and expects the R2 message, and then nothing further happens.

I have also checked the traffic in Wireshark (on gateway1), and it happens that only three messages are exchanged between gateway1 and gateway2, i.e. gateway1---->gateway2 (ike_sa_init), gateway2---->gateway1 (ike_sa_init), gateway1---->gateway2 (ike_auth), and then the 4th message never arrives at gateway1.

I think that some confusion happens between gateway1 and gateway2 when using the sha2 family of functions, because sha1 works fine.

Has anyone experienced this problem before? Any help would be appreciated. Thanks.

Note: I am not using Red Hat's build of openswan, and I don't want to because of some compulsions; instead I am using openswan downloaded from the openswan project page.

All times are GMT -5.