[strongSwan] failed to establish CHILD_SA, keeping IKE_SA
Martin Willi
martin at strongswan.org
Mon Mar 4 09:41:24 CET 2013
Hi,
There are a lot of exchanges in your log, and many of them fail for
different reasons. The error
> 14[IKE] failed to establish CHILD_SA, keeping IKE_SA
results from
> 14[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
which means that the other peer does not accept the crypto proposal
strongSwan offers for the CHILD_SA. The log of your responder might have
more details why it does not like it. You can change the proposal using
the "esp" keyword, have a look at the ipsec.conf manpage for details.
Regards
Martin
More information about the Users
mailing list