openiked

aes-128-gcm not a valid transform

Open jackivanov opened this issue 7 years ago • 1 comments

Hi there,

I got this strange error on a clean OpenBSD 6.3 GENERIC#490 i386 (iked,v 1.6 2018/01/11)

/etc/iked.conf

ikev2 test \
        esp     from 0.0.0.0/0 to 0.0.0.0/0 peer 172.16.0.1 \
        ikesa enc aes-128-gcm group ecp256 \
        srcid jack \
        dstid 172.16.0.1

/sbin/iked -dvv

/etc/iked.conf: 3: aes-128-gcm not a valid transform
ca exiting, pid 374
control exiting, pid 19575
ikev2 exiting, pid 6367
Segmentation fault (core dumped)

Any suggestions?

jackivanov Apr 18 '18 17:04

The man page says aes-128-gcm is an ESP only cipher suite, but you’re trying to use it for the IKE SA.

spaletta Apr 18 '18 20:04
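
Following the reply above, the policy can keep a cipher that is valid for the IKE SA in `ikesa` and request the AEAD cipher in `childsa`, which selects the ESP transforms. This is an added example, not part of the original thread; `aes-128` for the IKE SA is an assumed choice and should be checked against iked.conf(5) for the release in use.

```conf
# /etc/iked.conf
# ikesa:   transforms for the IKE SA itself (aes-128 is an assumed choice)
# childsa: transforms for the ESP Child SA, where aes-128-gcm is accepted
ikev2 test \
        esp     from 0.0.0.0/0 to 0.0.0.0/0 peer 172.16.0.1 \
        ikesa enc aes-128 group ecp256 \
        childsa enc aes-128-gcm \
        srcid jack \
        dstid 172.16.0.1
```

Running `iked -n` parses the file and reports whether the configuration is valid without starting the daemon.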