pprindeville
commented
2 years ago @Thermi Do you have time to look into this?
Closed GitArUs closed 2 years ago
pprindeville
commented
2 years ago @Thermi Do you have time to look into this?
Neustradamus
commented
2 years ago @GitArUs: A PR for 5.9.7 version here:
GitArUs
commented
2 years ago PR #19128 looks good to me. Presence of kdf plugin indeed fixes issue with ikev2. Thanks.
Neustradamus
commented
2 years ago @pprindeville has needed testers, can you reply on the PR?
Thermi
commented
2 years ago We're not yet done with this because the botan, openssl. and wolfssl plugins for example also provides KDFs, so the kdf plugin is actually optional.
pprindeville
commented
2 years ago Doh. Saw @Thermi's comment too late for PR #19128.
Thermi
commented
2 years ago don't mind, we'll do it better next time.
pprindeville
commented
2 years ago Want to take a stab at it?
Thermi
commented
2 years ago This should be a reasonable implementation of that: https://github.com/openwrt/packages/pull/19145
Thermi
commented
2 years ago done
GitArUs
commented
2 years ago Works for me. Thank You. I'm closing this.
Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.6
libstrongswan-kdf.so is compiled, but not packaged.
Problems with ikev2 were introduced most likely because of missing kdf plugin:
[IKE] KDF_PRF with PRF_UNDEFINED not supported [IKE] key derivation failed