Frodo #1813
-
Version is (strongSwan swanctl 6.0beta2). I enabled frodo in `./configure` and I see the .so file in `/usr/local/lib/ipsec/plugins`, but while strongSwan is initiating, frodo is not loaded. That is why I am not able to use multiple key exchange.

This is my configure command:

LOGS:

```
charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic counters
charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
charon: 00[JOB] spawning 16 worker threads
charon: 10[CFG] loaded 0 entries for attr plugin configuration
charon: 10[CFG] loaded certificate 'C=Kim, O=Kim, CN=swone1Dev7'
charon: 05[CFG] loaded certificate 'C=Kim, O=Kim, CN=swoneDev7'
charon: 10[CFG] loaded certificate 'C=Kim, O=Kim, CN=CaDev'
charon: 05[CFG] loaded RSA private key
charon: message repeated 2 times: [ 05[CFG] loaded RSA private key]
charon: 05[CFG] loaded IKE shared key with id 'ike-1' for: '192.168.50.7', '192.168.50.8'
charon: 05[CFG] loaded PPK shared key with id 'ppk' for: 'abc'
charon: 05[CFG] algorithm 'ke1_frodos5' not recognized
```
Replies: 2 comments 1 reply
-
That's unrelated to the plugin missing but probably because the
-
Thanks for the answer.
You can use multiple key exchanges with any key exchange method. Doesn't have to be a PQC method.

Make sure you run `make clean` after you changed the configure options. Also see the docs for notes regarding plugin loading.

Note that you are running the `charon` daemon here. But since you built with `--disable-charon` and `--enable-systemd` you're not running what you built (the correct daemon would be `charon-systemd`). The daemon might be from a previous build or from a distribution package you had installed (make sure to remove any such packages before installing your custom-built binaries).
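
The check described in the answer can be run against a startup log. The following is an added example, not part of the original thread or of strongSwan. `audit_startup_log` is a hypothetical helper, the sample log is abridged from the lines quoted in the question, and it assumes the log prefix is the name of the daemon that wrote the line.

```python
import re

# Constructed sample: abridged from the log lines quoted in the question above.
SAMPLE_LOG = """\
charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
charon: 00[LIB] loaded plugins: charon aesni aes sha2 random nonce x509 pubkey pem openssl gmp hmac gcm drbg kernel-netlink socket-default stroke vici
charon: 05[CFG] loaded PPK shared key with id 'ppk' for: 'abc'
charon: 05[CFG] algorithm 'ke1_frodos5' not recognized
"""

# Assumed record shape: "<daemon>[optional pid]: <thread>[<GROUP>] <message>"
LINE_RE = re.compile(
    r"^(?P<daemon>[\w-]+)(?:\[\d+\])?: \d+\[(?P<group>[A-Z]+)\] (?P<msg>.*)$")
PLUGINS_PREFIX = "loaded plugins: "
ALG_RE = re.compile(r"algorithm '([^']+)' not recognized")


def audit_startup_log(log_text, expected_daemon, required_plugins):
    """Compare what the running daemon logged at startup with what was built.

    Returns the daemon names seen, whether the expected daemon is absent,
    required plugins missing from the 'loaded plugins' line, and the
    algorithm names the daemon rejected.
    """
    daemons, loaded, rejected = set(), set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. syslog "message repeated" lines
        daemons.add(m["daemon"])
        msg = m["msg"]
        if m["group"] == "LIB" and msg.startswith(PLUGINS_PREFIX):
            loaded.update(msg[len(PLUGINS_PREFIX):].split())
        alg = ALG_RE.search(msg)
        if alg:
            rejected.append(alg.group(1))
    return {
        "daemons_seen": sorted(daemons),
        "wrong_daemon": expected_daemon not in daemons,
        "missing_plugins": sorted(set(required_plugins) - loaded),
        "rejected_algorithms": rejected,
    }


if __name__ == "__main__":
    report = audit_startup_log(SAMPLE_LOG, "charon-systemd", ["frodo", "openssl"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

A `wrong_daemon` result together with a missing plugin points at a stale or packaged binary rather than at the plugin build itself.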