[strongSwan] What modules to build?

Noel Kuntze noel.kuntze at thermi.consulting
Wed Jul 17 21:21:50 CEST 2019


Hello,

Just use what works already and go from there. You could, for example, use the arguments that Arch Linux uses for the strongSwan package[1].

Kind regards

Noel

[1] https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/strongswan

On 17.07.19 at 04:25, IL Ka wrote:
> It seems that you are right.
>
> ECP384 is Elliptic Curve DH (ECDH) group
> https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites  
>
>
> and for ECDH you need one of *ssl plugins (botan, wolfssl, openssl)
> https://wiki.strongswan.org/projects/strongswan/wiki/PluginList 
> I think it depends on which library you have installed.
>
> First link says "b w o", which means botan, wolf and open implement this group.
>  
>
> >What other options are useful to enable for a general purpose install?
> It depends. I use this (see config options)
> https://slackbuilds.org/repository/14.2/network/strongswan/  
> and it works, at least for my install:)
>
>
> On Wed, Jul 17, 2019 at 3:19 AM Ben Greear <greearb at candelatech.com> wrote:
>
>     Hello,
>
>     While googling for the error below, it seems that my problem is probably that I am not
>     running ./configure --enable-openssl
>
>     What other options are useful to enable for a general purpose install?
>
>     Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
>     Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] peer didn't accept DH group MODP_3072, it requested ECP_384
>     Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA _vrf4[19] to 192.168.5.1
>     Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA _vrf4[19] to 192.168.5.1
>     Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] requested DH group ECP_384 not supported
>
>     Thanks,
>     Ben
>
>     -- 
>     Ben Greear <greearb at candelatech.com>
>     Candela Technologies Inc  http://www.candelatech.com
>

-- 
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
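
Added example, not part of the original thread or of strongSwan: a small log check that pulls the DH group negotiation failure out of charon output and attaches the plugin hint given in the reply above. The function names are hypothetical, and the sample input is the set of charon lines quoted in the thread.

```shell
#!/bin/sh
# Sample input: the charon lines quoted in the thread (duplicate line included).
sample_log() {
cat <<'EOF'
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] peer didn't accept DH group MODP_3072, it requested ECP_384
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA _vrf4[19] to 192.168.5.1
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA _vrf4[19] to 192.168.5.1
Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] requested DH group ECP_384 not supported
EOF
}

# Groups the peer asked for after rejecting ours; prints "OFFERED REQUESTED".
peer_requested() {
    sed -n "s/.*peer didn't accept DH group \([A-Z0-9_]*\), it requested \([A-Z0-9_]*\).*/\1 \2/p" | sort -u
}

# Groups the local charon could not provide (no loaded plugin implements them).
unsupported_groups() {
    sed -n 's/.*requested DH group \([A-Z0-9_]*\) not supported.*/\1/p' | sort -u
}

# One line per unsupported group, with the hint from the thread for ECP groups.
diagnose() {
    log=$(cat)
    printf '%s\n' "$log" | unsupported_groups | while read -r grp; do
        case "$grp" in
            ECP_*) hint="ECDH group: needs the openssl, botan or wolfssl plugin" ;;
            *)     hint="check the plugin list for a provider of this group" ;;
        esac
        printf '%s: %s\n' "$grp" "$hint"
    done
}

# Run against the sample; in practice pipe in journal or syslog output instead.
sample_log | diagnose
```
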

