So I managed to get a hold of the version of ipsec-tools that has AES-GCM support. Here is a script that I try to execute through setkey:


add ah 24500 -m tunnel -A hmac-sha384 "123456789012345678901234567890123456789012345678";
add esp 24511 -m tunnel -E aes-gcm-16 "12345678901234567890";

and I keep getting this error at the aes-gcm-q6 line.
"syntax error at [12345678901234567890] parse failed"

What am I doing wrong? 

Thanks for all the help

On Mon, Jun 3, 2013 at 10:23 PM, Tamer Refaei <> wrote:

How do I know if there is appropriate kernel support?  I am using a 3.7.9-104 (Fedora 17).


On Mon, Jun 3, 2013 at 1:57 AM, Timo Teras <> wrote:
On Thu, 30 May 2013 15:57:00 -0400
Tamer Refaei <> wrote:

> I am working on a project that requires the use of AES-GCM with
> setkey.  I know this mode is not supported in setkey.  Does anybody
> have a rough idea what would be needed to get this supported?

ipsec-tools CVS HEAD has support for AES-GCM in setkey. Please take a
look at there. Appropriate kernel support is needed - availability
depends on the OS and kernel version you are using.

- Timo


Tamer Refaei


Tamer Refaei