<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div><span><br></span></div><div><span>Hi Andreas,</span></div><div><span><br></span></div><div><span>Thank you for your prompt response. I configured the following at both ends.</span></div><div><span>charon {<br>  send_vendor_id = yes<br>}</span></div><div><span><br></span></div><div><span>Still getting the same issue, i.e., unable to establish the IPsec tunnel. Here are the logs at both ends. Am I missing anything? </span></div><div><span><br></span></div><div><span><br></span></div><div><span>IKE Responder</span></div><div><span><br></span></div><div><span><br></span></div><div><span>13[NET] <1> received packet: from 30.30.30.11[500] to 30.30.30.21[500] (196 bytes)<br>13[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V ]<br>13[IKE]
 <1> received strongSwan vendor ID<br>13[IKE] <1> DH group MODP_NULL inacceptable, requesting MODP_NULL<br>13[ENC] <1> generating IKE_SA_INIT response 0 [ N(INVAL_KE) V ]<br>13[NET] <1> sending packet: from 30.30.30.21[500] to 30.30.30.11[500] (58 bytes)<br>14[NET] <2> received packet: from 30.30.30.11[500] to 30.30.30.21[500] (176 bytes)<br>14[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>14[CFG] <2> an algorithm from private space would match, but peer implementation is unknown, skipped<br>14[CFG] <2> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL<br>14[CFG] <2> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL<br>14[IKE] <2> received proposals inacceptable<br>14[ENC] <2> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]<br>14[NET] <2> sending packet: from 30.30.30.21[500] to 30.30.30.11[500] (36
 bytes)</span></div><div><br></div><div><br></div><div>IKE Initiator </div><div><br></div><div>10[ENC] &lt;load-test|1&gt; generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V ]<br>10[NET] &lt;load-test|1&gt; sending packet: from 30.30.30.11[500] to 30.30.30.21[500] (196 bytes)<br>13[NET] &lt;load-test|1&gt; received packet: from 30.30.30.21[500] to 30.30.30.11[500] (58 bytes)<br>13[ENC] &lt;load-test|1&gt; parsed IKE_SA_INIT response 0 [ N(INVAL_KE) V ]<br>13[IKE] &lt;load-test|1&gt; received strongSwan vendor ID<br>13[IKE] &lt;load-test|1&gt; peer didn't accept DH group MODP_NULL, it requested MODP_NULL<br>13[ENC] &lt;load-test|1&gt; generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>charon (1045) started after 40 ms<br>14[CFG] received stroke: add connection 'host-host'<br>14[CFG] left nor right host is our side, assuming left=local<br>14[CFG] adding virtual IP address pool 10.0.0.0/8<br>14[CFG] added
 configuration 'host-host'<br>13[NET] &lt;load-test|1&gt; sending packet: from 30.30.30.11[500] to 30.30.30.21[500] (176 bytes)<br>16[NET] &lt;load-test|1&gt; received packet: from 30.30.30.21[500] to 30.30.30.11[500] (36 bytes)<br>16[ENC] &lt;load-test|1&gt; parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]<br>16[IKE] &lt;load-test|1&gt; received NO_PROPOSAL_CHOSEN notify error</div><div><br></div><div><br></div><div>Regards,</div><div>Chinmaya</div><div><br></div><div><br></div><span><div><br></div><div><br></div></span><div class="yahoo_quoted" style="display: block;"> <br> <br> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> On Thursday, February 27, 2014 6:51 PM, Andreas Steffen &lt;andreas.steffen@strongswan.org&gt;
 wrote:<br> </font> </div>  <div class="y_msg_container">Hi,<br clear="none"><br clear="none">since MODP_NULL is not an IANA-registered DH group but intended<br clear="none">for testing purposes only, you must send the strongSwan Vendor ID<br clear="none">by adding the following statements<br clear="none"><br clear="none">charon {<br clear="none">  send_vendor_id = yes<br clear="none">}<br clear="none"><br clear="none">in the /etc/strongswan.conf files of both endpoints.<br clear="none"><br clear="none">Regards<br clear="none"><br clear="none">Andreas<br clear="none"><div class="yqt6459525950" id="yqtfd84421"><br clear="none">On 02/27/2014 12:25 PM, Chinmaya Dwibedy wrote:<br clear="none">> Hi,<br clear="none">> <br clear="none">> I am using the modpnull Diffie-Hellman group to avoid the DH calculation<br clear="none">> overhead (strongswan-5.0.4). But it is unable to establish the security<br clear="none">> association. Here are the
 logs at the IKE responder end. Can anyone please<br clear="none">> suggest what is wrong?<br clear="none">> <br clear="none">> 11[CFG] received stroke: add connection 'host-host'<br clear="none">> 11[CFG] adding virtual IP address pool 10.0.0.0/8<br clear="none">> 11[CFG] added configuration 'host-host'<br clear="none">> 13[NET] <1> received packet: from 30.30.30.11[500] to 30.30.30.21[500]<br clear="none">> (176 bytes)<br clear="none">> 13[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)<br clear="none">> N(NATD_D_IP) ]<br clear="none">> 13[CFG] <1> an algorithm from private space would match, but peer<br clear="none">> implementation is unknown, skipped<br clear="none">> 13[CFG] <1> received proposals:<br clear="none">> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL<br clear="none">> 13[CFG] <1> configured proposals:<br clear="none">>
 IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL<br clear="none">> 13[IKE] <1> received proposals inacceptable<br clear="none">> 13[ENC] <1> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]<br clear="none">> 13[NET] <1> sending packet: from 30.30.30.21[500] to 30.30.30.11[500]<br clear="none">> (36 bytes)<br clear="none">> <br clear="none">> Regards,<br clear="none">> Chinmaya</div><br clear="none"><br clear="none">======================================================================<br clear="none">Andreas Steffen                         <a href="mailto:andreas.steffen@strongswan.org" shape="rect" ymailto="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br clear="none">strongSwan - the Open Source VPN Solution!          www.strongswan.org<br clear="none">Institute for Internet Technologies and
 Applications<br clear="none">University of Applied Sciences Rapperswil<br clear="none">CH-8640 Rapperswil (Switzerland)<br clear="none">===========================================================[ITA-HSR]==<div class="yqt6459525950" id="yqtfd93434"><br clear="none"></div><br><br></div>  </div> </div>  </div> </div></body></html>