<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:arial, helvetica, sans-serif;font-size:12pt;color:#000000;"><div style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt; "><br></div><div style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt; ">I am perplexed. It looks to me like both sides could agree on a proposal but do not for some reason. I'm trying to set up an ipsec connection between StrongSwan on CentOS linux and a Mocana stack implementation on an embedded Linux device. I'm new to StrongSwan and if anyone can provide some guidance or suggestions, I'd be mucho appreciative. I've attached some relevant information below.</div><div style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt; "><br></div><div style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif;
font-size: 12pt; ">Thanks in advance,</div><div style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt; ">Bill</div><div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[ENC] found payload of type TRAFFIC_SELECTOR_RESPONDER</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[ENC] parsed CREATE_CHILD_SA request 13 [ N(USE_TRANSP) SA No KE TSi TSr ]</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[LIB] size of DH secret exponent: 1023 bits</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] looking for a child config for 10.168.80.8/32[icmp] ===
10.168.65.1/32[icmp] </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] proposing traffic selectors for us:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] 10.168.80.8/32 (derived from dynamic)</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] proposing traffic selectors for other:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] 10.168.65.1/32 (derived from dynamic)</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] candidate "testipsec" with prio 1+1</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] found matching child config "testipsec" with prio 2</font></div><div><font
class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] selecting proposal:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] no acceptable DIFFIE_HELLMAN_GROUP found</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] selecting proposal:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] no acceptable DIFFIE_HELLMAN_GROUP found</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] received proposals: ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/HMAC_SHA2_256_128/MODP_1024/MODP_768/MODP_1536/MODP_2048/MODP_NONE/NO_EXT_SEQ</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ,
ESP:AES_GCM_16_128/NO_EXT_SEQ</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[IKE] no acceptable proposal found</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[ENC] added payload of type NOTIFY to message</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[ENC] added payload of type NOTIFY to message</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[ENC] generating CREATE_CHILD_SA response 13 [ N(NO_PROP) ]</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[ENC] insert payload NOTIFY to encryption payload</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Nov 12 16:50:17 13[ENC] generating payload of type HEADER</font></div><div><font class="Apple-style-span"
face="arial, helvetica, sans-serif"><br></font></div></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# ipsec statusall</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Status of IKEv2 charon daemon (strongSwan 4.5.0):</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> uptime: 4 minutes, since Nov 12 16:48:36 2010</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> malloc: sbrk 253952, mmap 0, used 175408, free 78544</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> worker threads: 9 idle of 16, job queue load: 0, scheduled events: 2</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> loaded plugins: aes des
sha1 sha2 md5 random x509 revocation pubkey pkcs1 pgp pem openssl gcrypt fips-prf gmp xcbc hmac gcm attr kernel-netlink resolve socket-raw stroke updown </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Listening IP addresses:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> 10.168.80.8</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> 2005:a8::21e:c9ff:feff:124</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> 2004:a8::21e:c9ff:feff:124</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Connections:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> testipsec: 10.168.80.8...10.168.65.1</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> testipsec:
local: [10.168.80.8] uses pre-shared key authentication</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> testipsec: remote: [10.168.65.1] uses any authentication</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> testipsec: child: dynamic === dynamic </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Security Associations:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> testipsec[1]: ESTABLISHED 3 minutes ago, 10.168.80.8[10.168.80.8]...10.168.65.1[10.168.65.1]</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> testipsec[1]: IKE SPIs: 94ffc82723b04b1b_i* 07df56bf80bfe16f_r, pre-shared key reauthentication in 52 minutes</font></div><div><font class="Apple-style-span" face="arial, helvetica,
sans-serif"> testipsec[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# ipsec listall</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">List of registered IKEv2 Algorithms:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> encryption: AES_CBC 3DES_CBC
DES_CBC DES_ECB CAMELLIA_CBC RC5_CBC IDEA_CBC CAST_CBC BLOWFISH_CBC NULL AES_CTR CAMELLIA_CTR SERPENT_CBC TWOFISH_CBC </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> integrity: AES_XCBC_96 CAMELLIA_XCBC_96 HMAC_SHA1_96 HMAC_SHA1_128 HMAC_SHA1_160 HMAC_SHA2_256_128 HMAC_SHA2_256_256 HMAC_MD5_96 HMAC_MD5_128 HMAC_SHA2_384_192 HMAC_SHA2_384_384 HMAC_SHA2_512_256 </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> aead: AES_GCM_8 AES_GCM_12 AES_GCM_16 </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> hasher: HASH_SHA1 HASH_SHA224 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5 HASH_MD2 HASH_MD4 </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> prf: PRF_KEYED_SHA1 PRF_FIPS_SHA1_160
PRF_AES128_XCBC PRF_CAMELLIA128_XCBC PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512 </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"> dh-group: MODP_2048 MODP_2048_224 MODP_2048_256 MODP_1536 ECP_256 ECP_384 ECP_521 ECP_224 ECP_192 MODP_3072 MODP_4096 MODP_6144 MODP_8192 MODP_1024 MODP_1024_160 MODP_768 MODP_CUSTOM </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# cat ipsec.conf</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"># ipsec.conf - strongSwan IPsec configuration
file</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"># basic configuration</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">config setup</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif"># plutodebug=all</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif"># crlcheckinterval=600</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span"
face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif"># strictcrlpolicy=yes</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif"># cachecrls=yes</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif"># nat_traversal=yes</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif"># charonstart=no</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial,
helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">plutostart=no</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"># Add connections here.</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">conn %default</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">ikelifetime=60m</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica,
sans-serif">keylife=20m</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">rekeymargin=3m</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">keyingtries=1</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">mobike=no</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica,
sans-serif">authby=secret</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">keyexchange=ikev2</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">#ike=aes256-sha256-ecp256,aes128-sha256-ecp256!</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">esp=aes256gcm16,aes128gcm16!</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">conn
testipsec</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">type=transport </font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">left=10.168.80.8</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">#leftprotoport=icmp</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica,
sans-serif">#leftid=kap</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">right=10.168.65.1</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">#rightprotoport=icmp</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica, sans-serif">#rightid=cep</font></div><div><span class="Apple-tab-span" style="white-space:pre"><font class="Apple-style-span" face="arial, helvetica, sans-serif"> </font></span><font class="Apple-style-span" face="arial, helvetica,
sans-serif">auto=add</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# ipsec version</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Linux strongSwan U4.5.0/K2.6.36-1</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Institute for Internet Technologies and Applications</font></div><div><font
class="Apple-style-span" face="arial, helvetica, sans-serif">University of Applied Sciences Rapperswil, Switzerland</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">See 'ipsec --copyright' for copyright information.</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# </font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# openssl version</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">OpenSSL 0.9.8n 24 Mar 2010</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">[root@KAP8 etc]# </font></div><div style="font-family: arial, helvetica, sans-serif; "><br></div></div><div style="position: fixed; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt; "></div>
</div><br>
</body></html>