[strongSwan] Error : remote host is behind NAT - received proposals inacceptable - generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Kostya Vasilyev
kman at fastmail.com
Fri Feb 15 20:01:02 CET 2019
Moses,
Try this in your *.conf file:
conn whatever
....
....
ike=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-
modp2048,aes128-sha1-modp2048 esp=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-
modp2048,aes128-sha1-modp2048
Technically for this particular client you only need the first one -
aes256-sha256-modp2048
--
Kostya Vasilyev
kman at fastmail.com
On Fri, Feb 15, 2019, at 9:46 PM, MOSES KARIUKI wrote:
> Thanks IL Ka,
>
> Which group should I add. I am a bit of a noob here. I have checked
> the Strongswan documentation but I cant trace a list of these
> commands.>
> Thanks,
>
>
> On Fri, Feb 15, 2019 at 10:17 AM IL Ka
> <kazakevichilya at gmail.com> wrote:>> I see DH problem as Tobias said.
>> look:
>>
>> Client:
>>
>> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
>> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
>> IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
>>
>> StrongSwan:
>> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>>
>> Client wants MODP_2048 while Swan has only MODP_1024 enabled.
>>
>> As result, "no acceptable DIFFIE_HELLMAN_GROUP found"
>>
>> See ipsec.conf for "ike" setting. Especially about "modpgroup".
>>
>>
>>
>>
>>
>> Без вирусов. www.avg.com[1]
>>
>>
>> On Fri, Feb 15, 2019 at 8:42 AM MOSES KARIUKI
>> <kariukims at gmail.com> wrote:>>> Dear Team,
>>> Please see below:
>>>
>>> **ipsec statusall**
>>> Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-
>>> generic, x86_64):>>> uptime: 17 hours, since Feb 14 11:52:17 2019
>>> malloc: sbrk 1757184, mmap 0, used 534320, free 1222864
>>> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue:
>>> 0/0/0/0, scheduled: 0>>> loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random
>>> nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12
>>> pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm
>>> attr kernel-netlink resolve socket-default connmark stroke updown
>>> eap-mschapv2 xauth-generic counters>>> Virtual IP pools (size/online/offline):
>>> 10.10.10.0/24: 254/0/0
>>> Listening IP addresses:
>>> 102.1*9.2*9.**
>>> Connections:
>>> ikev2-vpn: %any...%any IKEv2, dpddelay=300s
>>> ikev2-vpn: local: [102.1*9.2*9.**] uses public key
>>> authentication>>> ikev2-vpn: cert: "CN=102.1*9.2*9.**"
>>> ikev2-vpn: remote: [fromcert] uses EAP_MSCHAPV2 authentication
>>> with EAP identity '%any'>>> ikev2-vpn: child: 0.0.0.0/0 === dynamic TUNNEL,
>>> dpdaction=clear>>> Security Associations (0 up, 0 connecting):
>>> none
>>>
>>>
>>> **systemctl status strongswan**
>>> ● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using
>>> ipsec.conf>>> Loaded: loaded (/lib/systemd/system/strongswan.service; enabled;
>>> vendor preset: enabled)>>> Active: active (running) since Thu 2019-02-14 11:52:17 UTC; 17h
>>> ago>>> Main PID: 2204 (starter)
>>> Tasks: 18 (limit: 2275)
>>> CGroup: /system.slice/strongswan.service
>>> ├─2204 /usr/lib/ipsec/starter --daemon charon --nofork
>>> └─2232 /usr/lib/ipsec/charon --debug-ike 1 --debug-knl 1
>>> --debug-cfg 2>>>
>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 09[CFG] received proposals:
>>> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_C>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 09[CFG] configured proposals:
>>> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 09[IKE] remote host is behind NAT>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 09[IKE] received proposals inacceptable>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 09[ENC] generating IKE_SA_INIT response 0 [
>>> N(NO_PROP) ]>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 09[NET] sending packet: from 102.1*9.2*9.**[500] to
>>> 154.153.1*0.***[500] (36 bytes)>>> Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 10[CFG] proposing traffic selectors for us:>>> Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 10[CFG] 0.0.0.0/0>>> Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 10[CFG] proposing traffic selectors for other:>>> Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> charon[2232]: 10[CFG] dynamic>>>
>>> The error log:
>>>
>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[NET] received packet: from 154.153.1*0.***[500] to
>>> 102.1*9.2*9.**[500] (632 bytes)>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP)
>>> N(NATD_S_IP) N(NATD_D_IP) V V V V ]>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-
>>> generic, x86_64)>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loaded ca certificate "CN=VPN root CA" from '/etc/ipsec.d/cacerts/ca-
>>> cert.pem'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loading ocsp signer certificates from
>>> '/etc/ipsec.d/ocspcerts'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loading crls from '/etc/ipsec.d/crls'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loading secrets from '/etc/ipsec.secrets'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/server-
>>> key.pem'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[CFG] loaded EAP secret for remoteprivate>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1
>>> random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8
>>> pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac
>>> gcm attr kernel-netlink resolve socket-default connmark stroke
>>> updown eap-mschapv2 xauth-generic counters>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[LIB] dropped capabilities, running as uid 0, gid 0>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 00[JOB] spawning 16 worker threads>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] received stroke: add connection 'ikev2-vpn'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] conn ikev2-vpn>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] left=%any>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] leftsubnet=0.0.0.0/0>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] leftid=102.1*9.2*9.**>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] leftcert=server-cert.pem>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] right=%any>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] rightsourceip=10.10.10.0/24>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] rightdns=8.8.8.8,8.8.4.4>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] rightauth=eap-mschapv2>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] rightid=%fromcert>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] eap_identity=%identity>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-
>>> modp1024!>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] esp=aes256-sha256,aes256-sha1,3des-sha1!>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] dpddelay=300>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] dpdtimeout=150>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] dpdaction=1>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] sha256_96=no>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] mediation=no>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] keyexchange=ikev2>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] adding virtual IP address pool 10.10.10.0/24>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] loaded certificate "CN=102.1*9.2*9.**" from 'server-
>>> cert.pem'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 05[CFG] added configuration 'ikev2-vpn'>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 08[NET] received packet: from 216.218.206.86[8310] to
>>> 102.1*9.2*9.**[500] (64 bytes)>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 08[ENC] parsed ID_PROT request 0 [ SA ]>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[CFG] looking for an ike config for
>>> 102.1*9.2*9.**...154.153.1*0.***>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 08[CFG] looking for an ike config for
>>> 102.1*9.2*9.**...216.218.206.86>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 08[IKE] no IKE config found for 102.1*9.2*9.**...216.218.206.86,
>>> sending NO_PROPOSAL_CHOSEN>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a
>>> ipsec[2204]: 08[ENC] generating INFORMATIONAL_V1 request 2332246493
>>> [ N(NO_PROP) ]>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 08[NET] sending packet: from 102.1*9.2*9.**[500] to
>>> 216.218.206.86[8310] (40 bytes)>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[NET] received packet: from 154.153.1*0.***[500] to
>>> 102.1*9.2*9.**[500] (632 bytes)>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP)
>>> N(NATD_S_IP) N(NATD_D_IP) V V V V ]>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] looking for an ike config for
>>> 102.1*9.2*9.**...154.153.1*0.***>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] candidate: %any...%any, prio 28>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] found matching ike config: %any...%any with prio 28>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[IKE] received MS-Negotiation Discovery Capable vendor ID>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[IKE] received Vid-Initial-Contact vendor ID>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[ENC] received unknown vendor ID:
>>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[IKE] 154.153.1*0.*** is initiating an IKE_SA>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] no acceptable ENCRYPTION_ALGORITHM found>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] no acceptable ENCRYPTION_ALGORITHM found>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] no acceptable ENCRYPTION_ALGORITHM found>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] no acceptable ENCRYPTION_ALGORITHM found>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] received proposals:
>>> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
>>> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
>>> IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[CFG] candidate: %any...%any, prio 28>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]:
>>> 09[CFG] configured proposals:
>>> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
>>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[CFG] found matching ike config: %any...%any with prio 28>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[IKE] received MS-Negotiation Discovery Capable vendor ID>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[IKE] received Vid-Initial-Contact vendor ID>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[ENC] received unknown vendor ID:
>>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[IKE] 154.153.1*0.*** is initiating an IKE_SA>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[CFG] selecting proposal:>>> Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon:
>>> 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found>>>
Links:
1. http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190215/7a537ce2/attachment-0001.html>
More information about the Users
mailing list