[strongSwan] VPN with preshared Key between BB10 and Raspberry-Pi

Christian Klugesherz christian.klugesherz at gmail.com
Sun Jul 17 09:57:26 CEST 2016

Hi Tobias

It is really, really difficult to get rid of the situation.
Relative to the objective, explained in this post, I have now compiled
strongswan on my raspberry.

Unfortunately there is still something which is missing, not working :-(
What I understood / syslog, is that the Received SA from my BB10,
didn't match with the SA from Strongswan

Is that linked to DES/DH ?
If yes, how to activate: Diffie-Hellman groups / DES: through
configure --enable ?
If the issue is comming form somewhere else ?

Many Thanks


PS: Configuration fails if I try to add: gmp or gcrypt
  configure: error: gcrypt library not found

Received proposals:

Configured proposals:

By comparison what is missing

My configure
$ ./configure --enable-aes --enable-des --enable-sha1 --enable-md4
--enable-md5 --enable-eap-md5 --enable-eap-identity --enable-hmac
--disable-gmp --enable-kernel-libipsec --enable-dhcp
--enable-eap-mschapv2 --enable-eap-dynamic --enable-kernel-netlink
--enable-dnskey --enable-attr --enable-resolve --enable-socket-default
--prefix=/usr --sysconfdir=/etc

2016-07-14 19:57 GMT+02:00 Christian Klugesherz
<christian.klugesherz at gmail.com>:
> Hi Tobias,
> Great help.
> I will compile strongswan on raspberry  and will revert to you.
> Merci
> Christian
>   Message d'origine
> De: Tobias Brunner
> Envoyé: jeudi 14 juillet 2016 11:23
> À: Christian Klugesherz
> Cc: Users at lists.strongswan.org
> Objet: Re: [strongSwan] VPN with preshared Key between BB10 and Raspberry-Pi
> Hi Christian,
>> No I don't have any error on the startup
> I was not referring to the console output. Did you check the log?
>> !! Your strongswan.conf contains manual plugin load options for charon.
>> !! This is recommended for experts only, see
>> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> Did you read the above document?
>> I guess that : eap-mschapv2 is not loaded, even I have require it in
>> strongswan.conf
>> How can I fix it ?
> It can't be loaded if it's not available. And according to `ipsec
> listall` MD4 and DES are both missing, which are required to implement
> the EAP-MSCHAPv2 protocol. So even if the plugin would be available it
> can't be used. These algorithms are provided by the `des` and `md4`
> plugins or one of the crypto wrappers i.e. `openssl` or `gcrypt` - none
> of these are currently loaded on your system. Neither is the
> eap-identity plugin, which has no other dependencies.
> If you built strongSwan yourself you have to rebuild it with the
> appropriate `--enable-...` options (run `make clean` before rebuilding).
> If you installed strongSwan from distribution packages you might have
> to install additional packages that provide these plugins.
> Regards,
> Tobias

More information about the Users mailing list