<div dir="ltr">I have gotten pluto working fine, but when I change my roadwarrior configuration to use charon, I get errors about the proposal. With both of my hosts on a private network (trying to make sure I can establish a local connection before I worry about offsite connections), I see the following debug output from the gateway:<div>
<br></div><div><div>Jan 27 20:40:21 gateway.linux.bogus syslog: 06[NET] received IPv4 packet => 752 bytes @ 0x7e7fe974 </div>
<div>Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET] received packet: from 192.168.2.190[500] to 192.168.2.1[500] </div><div>Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC] parsing header of message </div><div>Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC] parsing HEADER payload, 724 bytes left </div>
<div>Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC] parsing payload from => 724 bytes @ 0x46b600 </div>
<div>Jan 27 20:40:24 gateway.linux.bogus syslog: 05[ENC] parsing rule 0 U_INT_8 </div><div>Jan 27 20:40:24 gateway.linux.bogus syslog: 05[ENC] => 34 </div><div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] => 0 </div>
<div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] => 2 </div><div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] => 4 </div>
<div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] => 14 </div><div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] => 2 </div><div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] => 1 </div>
<div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 616 bytes left </div>
<div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] parsing payload from => 548 bytes @ 0x46b6b0 </div>
<div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] parsing TRANSFORM_SUBSTRUCTURE payload finished </div>
<div>Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] parsing rule 6 RESERVED_BIT </div>
<div><br></div><div><br></div><div>My client shows</div><div><div>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]</div><div>sending packet: from 192.168.2.190[500] to 192.168.2.1[500]</div><div>received packet: from 192.168.2.1[500] to 192.168.2.190[500]</div>
<div>parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]</div><div>received NO_PROPOSAL_CHOSEN notify error</div></div><div><br></div><div>My ipsec.conf file on the gateway:</div><div><br></div><div><div>config setup</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>nat_traversal=yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>strictcrlpolicy=no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>charondebug=all</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>plutostart=no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div>conn nat-t</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>authby=rsasig</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>keyexchange=ikev2</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>leftfirewall=yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>left=%defaultroute</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftcert=server.crt</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>rightsubnetwithin=10.3.0.0/16</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsubnet=192.168.2.0/24</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>right=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto=add</div></div><div><br></div><div>On the client:</div><div><br></div>
<div><div>conn home</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>left=%defaultroute</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftcert=toshiba.crt</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsourceip=%config</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>leftauth=rsasig</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftfirewall=yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>keyexchange=ikev2</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>right=192.168.2.1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightcert=server.crt</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto=add</div>
<div><br></div></div><div>I find it odd that IKEv1 works and IKEv2 fails, with strongSwan on both sides. I haven't even gotten to trying to get Windows 7 working as a client.</div><div><br></div><br>-- <br>Rob Wicks<br>
<a href="mailto:robwicks@gmail.com">robwicks@gmail.com</a><br><a href="http://robwicks.wordpress.com">http://robwicks.wordpress.com</a><br>
</div></div>
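<div>An IKE_SA_INIT request like the one above carries the initiator's proposals in its SA payload, and per RFC 7296 a NO_PROPOSAL_CHOSEN notify signals that the responder accepted none of them. As an added example (not part of the original message and not strongSwan code), this Python decoder reads an SA payload body per RFC 7296 section 3.3 so the offered transforms can be compared with the responder's configuration; the function names and the sample bytes are constructed for illustration.</div>

```python
import struct

TYPES = {1: "ENCR", 2: "PRF", 3: "INTEG", 4: "DH"}  # subset of the IANA registry
NAMES = {(1, 3): "3DES", (1, 12): "AES_CBC", (2, 2): "HMAC_SHA1",
         (2, 5): "HMAC_SHA2_256", (3, 2): "HMAC_SHA1_96",
         (3, 12): "HMAC_SHA2_256_128", (4, 5): "MODP_1536", (4, 14): "MODP_2048"}

def parse_transform(buf):
    """Decode one transform substructure (RFC 7296 section 3.3.2)."""
    if len(buf) < 8:
        raise ValueError("truncated transform")
    _last, _r1, length, ttype, _r2, tid = struct.unpack_from("!BBHBBH", buf)
    if length < 8 or length > len(buf):
        raise ValueError("bad transform length")
    name, pos = NAMES.get((ttype, tid), f"id{tid}"), 8
    while pos + 4 <= length:
        atype, aval = struct.unpack_from("!HH", buf, pos)
        if atype == 0x800E:          # Key Length (type 14) in TV format
            name += f"_{aval}"
        pos += 4 if atype & 0x8000 else 4 + aval  # TV is 4 bytes, TLV adds aval
    return f"{TYPES.get(ttype, ttype)}:{name}", length

def parse_proposals(body):
    """Decode every proposal in an SA payload body (generic header removed)."""
    out, off = [], 0
    while True:
        if len(body) - off < 8:
            raise ValueError("truncated proposal")
        last, _r, length, num, proto, spi_size, count = struct.unpack_from(
            "!BBHBBBB", body, off)
        end = off + length
        if length < 8 + spi_size or end > len(body):
            raise ValueError("bad proposal length")
        pos, transforms = off + 8 + spi_size, []
        for _ in range(count):
            text, used = parse_transform(body[pos:end])
            transforms.append(text)
            pos += used
        out.append((num, proto, transforms))
        if last == 0:                # 0 = last proposal, 2 = more follow
            return out
        off = end

# Constructed sample (not taken from the log above): two IKE proposals.
SAMPLE = bytes.fromhex(
    "0200002c01010004" "0300000c0100000c800e0100" "0300000802000005"
    "030000080300000c" "000000080400000e"
    "0000002802010004" "0300000801000003" "0300000802000002"
    "0300000803000002" "0000000804000005")
print(parse_proposals(SAMPLE))
```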