[strongSwan] What modules to build?

IL Ka kazakevichilya at gmail.com
Wed Jul 17 04:25:14 CEST 2019


It seems that you are right.

ECP384 is Elliptic Curve DH (ECDH) group
https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites


and for ECDH you need one of *ssl plugins (botan, wolfssl, openssl)
https://wiki.strongswan.org/projects/strongswan/wiki/PluginList
I think it depends on which library you have installed.

First link says "b w o", which means botan, wolf and open implement this
group.


>What other options are useful to enable for a general purpose install?
It depends. I use this (see config options)
https://slackbuilds.org/repository/14.2/network/strongswan/
and it works, at least for my install:)


On Wed, Jul 17, 2019 at 3:19 AM Ben Greear <greearb at candelatech.com> wrote:

> Hello,
>
> While googling for the error below, it seems that my problem is probably
> that I am not
> running ./configure --enable-openssl
>
> What other options are useful to enable for a general purpose install?
>
> Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[ENC] parsed IKE_SA_INIT
> response 0 [ N(INVAL_KE) ]
> Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] peer didn't accept DH
> group MODP_3072, it requested ECP_384
> Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA
> _vrf4[19] to 192.168.5.1
> Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA
> _vrf4[19] to 192.168.5.1
> Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] requested DH group
> ECP_384 not supported
>
> Thanks,
> Ben
>
> --
> Ben Greear <greearb at candelatech.com>
> Candela Technologies Inc  http://www.candelatech.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190717/a3ff7e59/attachment.html>


More information about the Users mailing list