Hi Tobias It is really, really difficult to get rid of the situation. Relative to the objective, explained in this post, I have now compiled strongswan on my raspberry.
Unfortunately there is still something which is missing, not working :-( What I understood / syslog, is that the Received SA from my BB10, didn't match with the SA from Strongswan Is that linked to DES/DH ? If yes, how to activate: Diffie-Hellman groups / DES: through configure --enable ? If the issue is comming form somewhere else ? Many Thanks Christian PS: Configuration fails if I try to add: gmp or gcrypt configure: error: gcrypt library not found Received proposals: ================ IKE:AES_CBC_256/AES_CBC_192/AES_CBC_128/3DES_CBC/DES_CBC/HMAC_SHA1_96/HMAC_MD5_96/PRF_HMAC_SHA1/PRF_HMAC_MD5/MODP_1024/MODP_768 Configured proposals: ================= IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/HMAC_MD5_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/PRF_HMAC_MD5 Difference ======== By comparison what is missing DES_CBC/MODP_1024/MODP_768 My configure ========== $ ./configure --enable-aes --enable-des --enable-sha1 --enable-md4 --enable-md5 --enable-eap-md5 --enable-eap-identity --enable-hmac --disable-gmp --enable-kernel-libipsec --enable-dhcp --enable-eap-mschapv2 --enable-eap-dynamic --enable-kernel-netlink --enable-dnskey --enable-attr --enable-resolve --enable-socket-default --prefix=/usr --sysconfdir=/etc 2016-07-14 19:57 GMT+02:00 Christian Klugesherz <[email protected]>: > Hi Tobias, > > Great help. > I will compile strongswan on raspberry and will revert to you. > > Merci > > Christian > > > Message d'origine > De: Tobias Brunner > Envoyé: jeudi 14 juillet 2016 11:23 > À: Christian Klugesherz > Cc: [email protected] > Objet: Re: [strongSwan] VPN with preshared Key between BB10 and Raspberry-Pi > > Hi Christian, > >> No I don't have any error on the startup > > I was not referring to the console output. Did you check the log? > >> !! Your strongswan.conf contains manual plugin load options for charon. >> !! This is recommended for experts only, see >> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad > > Did you read the above document? > >> I guess that : eap-mschapv2 is not loaded, even I have require it in >> strongswan.conf >> How can I fix it ? > > It can't be loaded if it's not available. And according to `ipsec > listall` MD4 and DES are both missing, which are required to implement > the EAP-MSCHAPv2 protocol. So even if the plugin would be available it > can't be used. These algorithms are provided by the `des` and `md4` > plugins or one of the crypto wrappers i.e. `openssl` or `gcrypt` - none > of these are currently loaded on your system. Neither is the > eap-identity plugin, which has no other dependencies. > > If you built strongSwan yourself you have to rebuild it with the > appropriate `--enable-...` options (run `make clean` before rebuilding). > If you installed strongSwan from distribution packages you might have > to install additional packages that provide these plugins. > > Regards, > Tobias > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
