So I managed to get a hold of the version of ipsec-tools that has AES-GCM support. Here is a script that I try to execute through setkey:

flush;
spdflush;

add 10.0.0.2 224.1.2.3 ah 24500 -m tunnel -A hmac-sha384 "123456789012345678901234567890123456789012345678";
add 10.0.0.1 224.1.2.3 esp 24511 -m tunnel -E aes-gcm-16 "12345678901234567890";

and I keep getting this error at the aes-gcm-q6 line.
"syntax error at [12345678901234567890] parse failed"

What am I doing wrong? 

Thanks for all the help



On Mon, Jun 3, 2013 at 10:23 PM, Tamer Refaei <mtamer@gmail.com> wrote:
Thanks,

How do I know if there is appropriate kernel support?  I am using a 3.7.9-104 (Fedora 17).

Thanks


On Mon, Jun 3, 2013 at 1:57 AM, Timo Teras <timo.teras@iki.fi> wrote:
On Thu, 30 May 2013 15:57:00 -0400
Tamer Refaei <mtamer@gmail.com> wrote:

> I am working on a project that requires the use of AES-GCM with
> setkey.  I know this mode is not supported in setkey.  Does anybody
> have a rough idea what would be needed to get this supported?

ipsec-tools CVS HEAD has support for AES-GCM in setkey. Please take a
look at there. Appropriate kernel support is needed - availability
depends on the OS and kernel version you are using.

- Timo



--

----------------------------------
Tamer Refaei



--

----------------------------------
Tamer Refaei