OpenBSD recently made fixes to their HMAC-SHA2 implementation:
After upgrading from OpenBSD 4.4 to a pre-4.7 snapshot (hence picking up their changes), tunnels using HMAC-SHA2 with remote endpoints running racoon stopped passing traffic. Switching to HMAC-SHA1 allowed these tunnels to pass traffic again.
I don't pretend to understand exactly what's involved with the Linux IPsec implementation and how it relates to racoon in this case, so please accept my apologies if racoon isn't the proper place to make corresponding updates.