[strongSwan] CURVE_25519 inacceptable

Rafał Sanocki rafal.sanocki at gmail.com
Wed Nov 8 09:46:54 CET 2017 

Hi,
Anvar this is log from android :
Nov 7 15:39:12 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, 
Android 8.0.0 - OPR4.170623.009/2017-10-05, Nexus 5X - 
google/bullhead/LGE, Linux 3.10.73-ga51b1600b7f8, aarch64)
Nov 7 15:39:12 00[LIB] loaded plugins: androidbridge charon android-log 
openssl fips-prf random nonce pubkey chapoly curve25519 pkcs1 pkcs8 pem 
xcbc hmac socket-default revocation eap-identity eap-mschapv2 eap-md5 
eap-gtc eap-tls x509

curve25519 loaded

but on server, charon didn't loading curve so i loaded, and android can 
connect now.

Thanks for help
Rafał


W dniu 2017-11-07 o 20:22, Anvar Kuchkartaev pisze:
> As far as I know android clients are not supported curve25519.
>
> Anvar Kuchkartaev
> anvar at anvartay.com
> *From: *Rafał Sanocki
> *Sent: *martes, 7 de noviembre de 2017 05:19 p.m.
> *To: *users at lists.strongswan.org
> *Subject: *[strongSwan] CURVE_25519 inacceptable
>
>
> Hi,
>
> I try connect client :
> strongSwan 5.6.0, Android 8.0.0 - OPR4.170623.009/2017-10-05, Nexus 5X 
> - google/bullhead/LGE, Linux 3.10.73-ga51b1600b7f8, aarch64
>
> server:
>  ipsec version Linux strongSwan U5.6.0/K4.13.2
>
> connection type
>
> conn vpn-ikev2
> keyexchange=ikev2
>         type=transport
>         left=13.41.7.54
>         leftcert=proxu.s.cert
> leftid=@proxy.domain.com
>         right=%any
>         rightca=@#0b:c3:d4:33:....
>         authby=rsasig
>         keyingtries=%forever
>         leftsubnet=0.0.0.0/0
>         rightdns=192.168.0.2
>         rightrsasigkey=%cert
>
> conn vpn-ikev2-android
> <------>also="vpn-ikev2"
>         rightid="C=PL, ST=Malopolska, O=Test, OU=Sec man, 
> CN=androidclient at domain.com, E=android at domain.com"
>         auto=add
>         rightsourceip=192.168.0.100/32
>
>
> Windows clients can connect well, but when android trying i have error 
> in logs
>
> charon: 10[IKE] DH group CURVE_25519 inacceptable, requesting CURVE_25519
>
> what that mean curve_25519 != curve_25519??
>
>
> Every helpful hint would be highly appreciated.
> Rafał
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171108/00a428be/attachment-0001.html>

More information about the Users mailing list