Hello, Just use what works already and go from there. You could, for example, use the arguments that Arch Linux uses for the strongSwan package[1].
Kind regards Noel [1] https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/strongswan Am 17.07.19 um 04:25 schrieb IL Ka: > It seems that you are right. > > ECP384 is Elliptic Curve DH (ECDH) group > https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites > > > and for ECDH you need one of *ssl plugins (botan, wolfssl, openssl) > https://wiki.strongswan.org/projects/strongswan/wiki/PluginList > I think it depends on which library you have installed. > > First link says "b w o", which means botan, wolf and open implement this > group. > > > >What other options are useful to enable for a general purpose install? > It depends. I use this (see config options) > https://slackbuilds.org/repository/14.2/network/strongswan/ > and it works, at least for my install:) > > > On Wed, Jul 17, 2019 at 3:19 AM Ben Greear <gree...@candelatech.com > <mailto:gree...@candelatech.com>> wrote: > > Hello, > > While googling for the error below, it seems that my problem is probably > that I am not > running ./configure --enable-openssl > > What other options are useful to enable for a general purpose install? > > Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[ENC] parsed IKE_SA_INIT > response 0 [ N(INVAL_KE) ] > Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] peer didn't accept DH > group MODP_3072, it requested ECP_384 > Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA > _vrf4[19] to 192.168.5.1 > Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] initiating IKE_SA > _vrf4[19] to 192.168.5.1 > Jul 16 17:08:56 lf0313-63e7 charon[1530]: 16[IKE] requested DH group > ECP_384 not supported > > Thanks, > Ben > > -- > Ben Greear <gree...@candelatech.com <mailto:gree...@candelatech.com>> > Candela Technologies Inc http://www.candelatech.com > -- Noel Kuntze IT security consultant GPG Key ID: 0x0739AD6C Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
signature.asc
Description: OpenPGP digital signature