<div dir="ltr">Try "cfg 9" for
<span style="font-family:tahoma,sans-serif">charondebug</span> , and check your logs<div><br></div></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br> <table style="border-top:1px solid #d3d4de">
<tr>
<td style="width:55px;padding-top:18px"><a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png" alt="" width="46" height="29" style="width: 46px; height: 29px;"></a></td>
<td style="width:470px;padding-top:17px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Без вирусов. <a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank" style="color:#4453ea">www.avg.com</a> </td>
</tr>
</table>
<a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 13, 2019 at 9:55 PM MOSES KARIUKI <<a href="mailto:kariukims@gmail.com">kariukims@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Thanks Tobias for the quick response. I set this up, the Registry value and below configuration, but still the same error. </div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default"><div class="gmail_default"><font face="tahoma, sans-serif">config setup</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> charondebug="ike 1, knl 1, cfg 0"</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> uniqueids=no</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif">conn ikev2-vpn</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> auto=add</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> compress=no</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> type=tunnel</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> keyexchange=ikev2</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> fragmentation=yes</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> forceencaps=yes</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> dpdaction=clear</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> dpddelay=300s</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> rekey=no</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> left=%any</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> leftid=102.1*9.2*9.**</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> leftcert=server-cert.pem</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> leftsendcert=always</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></font></div><div class="gmail_default"><font face="tahoma, sans-serif"> right=%any</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> rightid=%any</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> rightauth=eap-mschapv2</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> rightsourceip=<a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a></font></div><div class="gmail_default"><font face="tahoma, sans-serif"> rightdns=8.8.8.8,8.8.4.4</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> rightsendcert=never</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> eap_identity=%identity</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024! </font></div><div class="gmail_default"><font face="tahoma, sans-serif"> esp=aes256-sha256,aes256-sha1,3des-sha1!</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif">Thanks a lot</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 13, 2019 at 5:45 PM Tobias Brunner <<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Moses,<br>
<br>
Configure an IKE proposal that's accepted by your peer (you disabled log<br>
message for cfg, so you didn't see the details of the proposal<br>
negotiation). Most likely the problem is that modp1024 is proposed, a<br>
DH group strongSwan doesn't include in its default IKE proposal anymore.<br>
So to use it, IKE proposals have to be configured explicitly. Also see<br>
[1] for information on how to get Windows to use at least modp2048.<br>
<br>
Regards,<br>
Tobias<br>
<br>
[1]<br>
<a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048" rel="noreferrer" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048</a><br>
</blockquote></div>
</blockquote></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br> <table style="border-top:1px solid #d3d4de">
<tr>
<td style="width:55px;padding-top:18px"><a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png" alt="" width="46" height="29" style="width: 46px; height: 29px;"></a></td>
<td style="width:470px;padding-top:17px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Без вирусов. <a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank" style="color:#4453ea">www.avg.com</a> </td>
</tr>
</table>
<a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div>