[strongSwan] CURVE_25519 inacceptable
Christian Huldt
christian at solvare.se
Tue Nov 7 19:59:16 CET 2017
Den 2017-11-07 kl. 17:19, skrev Rafał Sanocki:
> Hi,
>
> I try connect client :
> strongSwan 5.6.0, Android 8.0.0 - OPR4.170623.009/2017-10-05, Nexus 5X
> - google/bullhead/LGE, Linux 3.10.73-ga51b1600b7f8, aarch64
>
> server:
> ipsec version Linux strongSwan U5.6.0/K4.13.2
>
> connection type
>
> conn vpn-ikev2
> keyexchange=ikev2
> type=transport
> left=13.41.7.54
> leftcert=proxu.s.cert
> leftid=@proxy.domain.com
> right=%any
> rightca=@#0b:c3:d4:33:....
> authby=rsasig
> keyingtries=%forever
> leftsubnet=0.0.0.0/0
> rightdns=192.168.0.2
> rightrsasigkey=%cert
>
> conn vpn-ikev2-android
> <------>also="vpn-ikev2"
> rightid="C=PL, ST=Malopolska, O=Test, OU=Sec man,
> CN=androidclient at domain.com, E=android at domain.com"
> auto=add
> rightsourceip=192.168.0.100/32
>
>
> Windows clients can connect well, but when android trying i have error
> in logs
>
> charon: 10[IKE] DH group CURVE_25519 inacceptable, requesting CURVE_25519
>
> what that mean curve_25519 != curve_25519??
What does the logs say about windows clients connecting?
> Every helpful hint would be highly appreciated.
> Rafał
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171107/243cd5bb/attachment.sig>
More information about the Users
mailing list