Hi Andreas Thanks for your information, I will try to upgrade linux kernel
On Thu, Nov 19, 2015 at 1:39 PM, Andreas Steffen <[email protected]> wrote: > Hi John, > > you need at least a Linux 4.2 kernel for chacha20poly1305 ESP > to be supported. > > Best regards > > Andreas > > > On 19.11.2015 03:54, John WW wrote: >> >> the left peer running on Linux localhost 4.1.5-x86_64 >> >> On Thu, Nov 19, 2015 at 10:47 AM, John WW <[email protected]> wrote: >>> >>> Hi Tobias >>> >>> Thanks for you reply. >>> I have pull source from android-chapoly branch, and build it >>> successfully, But it's failed when I try to establish connection. >>> I have a Question, To enable chacha20 support, have any system >>> requirement on left peer ? >>> >>> below is my strongswan log >>> >>> 02[KNL] 224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>> ................ >>> 02[KNL] 240: 00 00 00 00 01 00 00 00 02 00 01 20 20 00 00 00 >>> ........... ... >>> 02[KNL] 256: 00 00 00 00 70 00 12 00 72 66 63 37 35 33 39 65 >>> ....p...rfc7539e >>> 02[KNL] 272: 73 70 28 63 68 61 63 68 61 32 30 2C 70 6F 6C 79 >>> sp(chacha20,poly >>> 02[KNL] 288: 31 33 30 35 29 00 00 00 00 00 00 00 00 00 00 00 >>> 1305)........... >>> 02[KNL] 304: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>> ................ >>> 02[KNL] 320: 00 00 00 00 00 00 00 00 20 01 00 00 80 00 00 00 ........ >>> ....... >>> 02[KNL] 336: 45 92 EA 40 EB 5E 05 46 6E 09 AF 24 AD 3E 46 5B >>> E..@.^.Fn..$.>F[ >>> 02[KNL] 352: F0 7C DF 87 EC 9A BC A5 20 BF 1F 9D E2 FC 76 15 .|...... >>> .....v. >>> 02[KNL] 368: 4F 78 8D 5F 1C 00 04 00 02 00 11 94 B0 CE 00 00 >>> Ox._............ >>> 02[KNL] 384: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>> ................ >>> 02[KNL] received netlink error: Function not implemented (38) >>> 02[KNL] unable to add SAD entry with SPI 0a3c776e >>> 02[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel >>> 02[ENC] added payload of type NOTIFY to message >>> 02[IKE] failed to establish CHILD_SA, keeping IKE_SA >>> 02[KNL] deleting SAD entry with SPI c73657b2 (mark 0/0x00000000) >>> >>> >>> conn android >>> keyexchange=ikev2 >>> left=%defaultroute >>> leftauth=pubkey >>> leftsubnet=0.0.0.0/0 >>> leftfirewall=yes >>> leftcert=server.cert.pem >>> leftid="C=CN, O=strongxyz, CN=x.x.x.x" >>> right=%any >>> rightid="C=CN, O=strongxyz, CN=android" >>> rightsourceip=10.7.0.0/24 >>> rightcert=android.client.cert.pem >>> >>> ike=aes256ccm128-sha256-modp2048,aes256gcm128-sha256-modp2048,aes256gcm96-sha384-modp2048,aes256ccm96-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,aes128-sha1-modp2048! >>> >>> esp=chacha20poly1305,aes128gcm128,aes256gcm128,aes256ccm128-sha256-modp2048,aes256ccm128-sha256-modp2048,aes256gcm128-sha256-modp2048,aes256gcm96-sha384-modp2048,aes256ccm96-sha512-modp2048,aes256-sha256,aes128-sha1-modp2048! >>> mobike=yes >>> compress=yes >>> auto=add >>> >>> If I remove 'chacha20poly1305' in esp, all is right >>> >>> On Wed, Nov 18, 2015 at 7:00 PM, Tobias Brunner <[email protected]> >>> wrote: >>>> >>>> Hi John, >>>> >>>>> How can I enable chacha20 in Android app ? >>>>> is't possible update Android.mk to add chacha20 plugin for support it ? >>>> >>>> >>>> Please have a look at the patches in the android-chapoly branch [1]. >>>> >>>> Regards, >>>> Tobias >>>> >>>> [1] >>>> >>>> https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/android-chapoly >>>> >>> >>> >>> >>> -- >>> Thanks > > > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > -- Thanks _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
