Thanks for reply I have enable this options in config file.
Now in IKE phase, NEWHOPE was actived, But in ESP phase, NEWHOPE was always inactive I have check config newhope128 for esp phase in both sides: esp=aes256gcm128-newhope128 what's wrong with my config ? below is my log files, I have config NEWHOPE_128 for both side 02[CFG] selecting proposal: 02[CFG] proposal matches 02[CFG] received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ 02[CFG] configured proposals: ESP:AES_GCM_16_256/NEWHOPE_128/NO_EXT_SEQ, ESP:CHACHA20_POLY1305_256/NO_EXT_SEQ, ESP:AES_GCM_16_128/NO_EXT_SEQ, ESP:AES_CCM_16_256/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ 02[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ On Fri, Oct 21, 2016 at 7:29 PM, Andreas Steffen <[email protected]> wrote: > Which means, add the following entry to /etc/strongswan.conf: > > charon { > send_vendor_id = yes > } > > Regards > > Andreas > > On 21.10.2016 13:21, Noel Kuntze wrote: >> >> On 21.10.2016 08:57, Trump DD wrote: >>> >>> 08[CFG] an algorithm from private space would match, but peer >>> implementation is unknown, skipped >> >> >> Make sure both sides are configured to send the strongswan vendor id. >> >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/dev >> > > -- > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > -- Thanks _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
