Closed GitArUs closed 2 years ago
@Thermi Do you have time to look into this?
@GitArUs: A PR for 5.9.7 version here:
PR #19128 looks good to me. Presence of kdf plugin indeed fixes issue with ikev2. Thanks.
@pprindeville has needed testers, can you reply on the PR?
We're not yet done with this because the botan, openssl. and wolfssl plugins for example also provides KDFs, so the kdf plugin is actually optional.
Doh. Saw @Thermi's comment too late for PR #19128.
don't mind, we'll do it better next time.
Want to take a stab at it?
This should be a reasonable implementation of that: https://github.com/openwrt/packages/pull/19145
done
Works for me. Thank You. I'm closing this.
Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.6
libstrongswan-kdf.so is compiled, but not packaged.
Problems with ikev2 were introduced most likely because of missing kdf plugin:
[IKE] KDF_PRF with PRF_UNDEFINED not supported [IKE] key derivation failed