Trump DD
2016-10-21 06:57:14 UTC
Hi
I have configured newhope, and enable newhope plugin , but
strongswan 5.5.1 told me DH group NEWHOPE_128 inacceptable
08[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
08[CFG] selecting proposal:
08[CFG] an algorithm from private space would match, but peer
implementation is unknown, skipped
08[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
08[CFG] selecting proposal:
08[CFG] no acceptable ENCRYPTION_ALGORITHM found
08[CFG] selecting proposal:
08[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
08[CFG] selecting proposal:
08[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
08[CFG] selecting proposal:
08[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
08[CFG] selecting proposal:
08[CFG] no acceptable ENCRYPTION_ALGORITHM found
08[CFG] selecting proposal:
08[CFG] proposal matches
08[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128,
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
08[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128,
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_GCM_12_256/PRF_HMAC_SHA2_384/MODP_2048,
IKE:AES_CCM_12_256/PRF_HMAC_SHA2_384/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
08[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
08[IKE] natd_chunk => 22 bytes @ 0x7fb3c000aa60
08[IKE] 0: 37 6B D6 85 77 7D D8 47 00 00 00 00 00 00 00 00 7k..w}.G........
08[IKE] 16: 2D 4F 5B 4D 01 F4 -O[M..
08[IKE] natd_hash => 20 bytes @ 0x7fb3c000aa40
08[IKE] 0: 42 74 37 46 72 9D A2 0E 16 F5 0B FF ED E5 BD C2 Bt7Fr...........
08[IKE] 16: 78 79 72 91 xyr.
08[IKE] natd_chunk => 22 bytes @ 0x7fb3c000aa60
08[IKE] 0: 37 6B D6 85 77 7D D8 47 00 00 00 00 00 00 00 00 7k..w}.G........
08[IKE] 16: 75 95 1E E3 B8 43 u....C
08[IKE] natd_hash => 20 bytes @ 0x7fb3c000a970
08[IKE] 0: EC 73 F7 79 EE 4D 42 CC 81 BF D6 91 FA 47 58 44 .s.y.MB......GXD
08[IKE] 16: 41 62 62 E1 Abb.
08[IKE] precalculated src_hash => 20 bytes @ 0x7fb3c000a970
08[IKE] 0: EC 73 F7 79 EE 4D 42 CC 81 BF D6 91 FA 47 58 44 .s.y.MB......GXD
08[IKE] 16: 41 62 62 E1 Abb.
08[IKE] precalculated dst_hash => 20 bytes @ 0x7fb3c000aa40
08[IKE] 0: 42 74 37 46 72 9D A2 0E 16 F5 0B FF ED E5 BD C2 Bt7Fr...........
08[IKE] 16: 78 79 72 91 xyr.
08[IKE] received src_hash => 20 bytes @ 0x7fb3c0008cc0
08[IKE] 0: 14 23 FC 58 22 F6 04 D7 9B D7 E9 5D 0A 00 6E 2F .#.X"......]..n/
08[IKE] 16: 2E DA 44 F9 ..D.
08[IKE] received dst_hash => 20 bytes @ 0x7fb3c0009730
08[IKE] 0: 42 74 37 46 72 9D A2 0E 16 F5 0B FF ED E5 BD C2 Bt7Fr...........
08[IKE] 16: 78 79 72 91 xyr.
08[IKE] remote host is behind NAT
08[IKE] DH group NEWHOPE_128 inacceptable, requesting MODP_2048
I have configured newhope, and enable newhope plugin , but
strongswan 5.5.1 told me DH group NEWHOPE_128 inacceptable
08[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
08[CFG] selecting proposal:
08[CFG] an algorithm from private space would match, but peer
implementation is unknown, skipped
08[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
08[CFG] selecting proposal:
08[CFG] no acceptable ENCRYPTION_ALGORITHM found
08[CFG] selecting proposal:
08[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
08[CFG] selecting proposal:
08[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
08[CFG] selecting proposal:
08[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
08[CFG] selecting proposal:
08[CFG] no acceptable ENCRYPTION_ALGORITHM found
08[CFG] selecting proposal:
08[CFG] proposal matches
08[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128,
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
08[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NEWHOPE_128,
IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_GCM_12_256/PRF_HMAC_SHA2_384/MODP_2048,
IKE:AES_CCM_12_256/PRF_HMAC_SHA2_384/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
08[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
08[IKE] natd_chunk => 22 bytes @ 0x7fb3c000aa60
08[IKE] 0: 37 6B D6 85 77 7D D8 47 00 00 00 00 00 00 00 00 7k..w}.G........
08[IKE] 16: 2D 4F 5B 4D 01 F4 -O[M..
08[IKE] natd_hash => 20 bytes @ 0x7fb3c000aa40
08[IKE] 0: 42 74 37 46 72 9D A2 0E 16 F5 0B FF ED E5 BD C2 Bt7Fr...........
08[IKE] 16: 78 79 72 91 xyr.
08[IKE] natd_chunk => 22 bytes @ 0x7fb3c000aa60
08[IKE] 0: 37 6B D6 85 77 7D D8 47 00 00 00 00 00 00 00 00 7k..w}.G........
08[IKE] 16: 75 95 1E E3 B8 43 u....C
08[IKE] natd_hash => 20 bytes @ 0x7fb3c000a970
08[IKE] 0: EC 73 F7 79 EE 4D 42 CC 81 BF D6 91 FA 47 58 44 .s.y.MB......GXD
08[IKE] 16: 41 62 62 E1 Abb.
08[IKE] precalculated src_hash => 20 bytes @ 0x7fb3c000a970
08[IKE] 0: EC 73 F7 79 EE 4D 42 CC 81 BF D6 91 FA 47 58 44 .s.y.MB......GXD
08[IKE] 16: 41 62 62 E1 Abb.
08[IKE] precalculated dst_hash => 20 bytes @ 0x7fb3c000aa40
08[IKE] 0: 42 74 37 46 72 9D A2 0E 16 F5 0B FF ED E5 BD C2 Bt7Fr...........
08[IKE] 16: 78 79 72 91 xyr.
08[IKE] received src_hash => 20 bytes @ 0x7fb3c0008cc0
08[IKE] 0: 14 23 FC 58 22 F6 04 D7 9B D7 E9 5D 0A 00 6E 2F .#.X"......]..n/
08[IKE] 16: 2E DA 44 F9 ..D.
08[IKE] received dst_hash => 20 bytes @ 0x7fb3c0009730
08[IKE] 0: 42 74 37 46 72 9D A2 0E 16 F5 0B FF ED E5 BD C2 Bt7Fr...........
08[IKE] 16: 78 79 72 91 xyr.
08[IKE] remote host is behind NAT
08[IKE] DH group NEWHOPE_128 inacceptable, requesting MODP_2048
--
Thanks
Thanks