<div dir="ltr"><div dir="ltr"><div dir="ltr">I see a DH problem, as Tobias said.<div>Look:</div><div><br></div><div><div>Client:</div><div><br></div><div>IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, </div><div>IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, </div><div>IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048</div><div><br></div><div>StrongSwan:</div><div>IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, </div><div>IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, </div><div>IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div></div><div><br></div><div>The client wants MODP_2048 while Swan has only MODP_1024 enabled.<br></div><div><br></div><div>As a result, "<span style="font-family:tahoma,sans-serif">no acceptable DIFFIE_HELLMAN_GROUP found</span>" <br></div><div><br></div><div>See ipsec.conf for the "ike" setting, especially about "modpgroup".</div><div><br></div><div><br></div><div><br></div></div></div></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br> <table style="border-top:1px solid #d3d4de">
<tr>
</tr>
</table>
<a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 15, 2019 at 8:42 AM MOSES KARIUKI <<a href="mailto:kariukims@gmail.com">kariukims@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Dear Team,</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Please see below:</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default"><div class="gmail_default"><font face="tahoma, sans-serif"><b><i>ipsec statusall</i></b></font></div><div class="gmail_default"><font face="tahoma, sans-serif">Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-generic, x86_64):</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> uptime: 17 hours, since Feb 14 11:52:17 2019</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> malloc: sbrk 1757184, mmap 0, used 534320, free 1222864</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Virtual IP pools (size/online/offline):</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> <a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a>: 
254/0/0</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Listening IP addresses:</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> 102.1*9.2*9.**</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Connections:</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> ikev2-vpn: %any...%any IKEv2, dpddelay=300s</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> ikev2-vpn: local: [102.1*9.2*9.**] uses public key authentication</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> ikev2-vpn: cert: "CN=102.1*9.2*9.**"</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> ikev2-vpn: remote: [fromcert] uses EAP_MSCHAPV2 authentication with EAP identity '%any'</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> ikev2-vpn: child: <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> === dynamic TUNNEL, dpdaction=clear</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Security Associations (0 up, 0 connecting):</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> none</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif"> </font></div><div class="gmail_default"><font face="tahoma, sans-serif"><b><i>systemctl status strongswan</i></b></font></div><div class="gmail_default"><font face="tahoma, sans-serif">● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled)</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> Active: active (running) since Thu 2019-02-14 11:52:17 UTC; 17h ago</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> Main PID: 2204 (starter)</font></div><div 
class="gmail_default"><font face="tahoma, sans-serif"> Tasks: 18 (limit: 2275)</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> CGroup: /system.slice/strongswan.service</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> ├─2204 /usr/lib/ipsec/starter --daemon charon --nofork</font></div><div class="gmail_default"><font face="tahoma, sans-serif"> └─2232 /usr/lib/ipsec/charon --debug-ike 1 --debug-knl 1 --debug-cfg 2</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_C</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[IKE] remote host is behind NAT</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[IKE] received proposals inacceptable</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[NET] sending packet: from 102.1*9.2*9.**[500] to 154.153.1*0.***[500] (36 bytes)</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] proposing traffic selectors for us:</font></div><div 
class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] proposing traffic selectors for other:</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] dynamic</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif">The error log:</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[NET] received packet: from 154.153.1*0.***[500] to 102.1*9.2*9.**[500] (632 bytes)</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-generic, x86_64)</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loaded ca certificate "CN=VPN root CA" from '/etc/ipsec.d/cacerts/ca-cert.pem'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading ocsp signer certificates from 
'/etc/ipsec.d/ocspcerts'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading crls from '/etc/ipsec.d/crls'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading secrets from '/etc/ipsec.secrets'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/server-key.pem'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loaded EAP secret for remoteprivate</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[LIB] dropped capabilities, running as uid 0, gid 0</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[JOB] spawning 16 worker threads</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] received stroke: add connection 'ikev2-vpn'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] conn ikev2-vpn</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] left=%any</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a 
ipsec[2204]: 05[CFG] leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] leftid=102.1*9.2*9.**</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] leftcert=server-cert.pem</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] right=%any</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightsourceip=<a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a></div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightdns=8.8.8.8,8.8.4.4</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightauth=eap-mschapv2</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightid=%fromcert</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] eap_identity=%identity</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] esp=aes256-sha256,aes256-sha1,3des-sha1!</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] dpddelay=300</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] dpdtimeout=150</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] dpdaction=1</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] 
sha256_96=no</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] mediation=no</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] keyexchange=ikev2</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] adding virtual IP address pool <a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a></div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] loaded certificate "CN=102.1*9.2*9.**" from 'server-cert.pem'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] added configuration 'ikev2-vpn'</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[NET] received packet: from 216.218.206.86[8310] to 102.1*9.2*9.**[500] (64 bytes)</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[ENC] parsed ID_PROT request 0 [ SA ]</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] looking for an ike config for 102.1*9.2*9.**...154.153.1*0.***</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[CFG] looking for an ike config for 102.1*9.2*9.**...216.218.206.86</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[IKE] no IKE config found for 102.1*9.2*9.**...216.218.206.86, sending NO_PROPOSAL_CHOSEN</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[ENC] generating INFORMATIONAL_V1 request 2332246493 [ N(NO_PROP) ]</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[NET] sending packet: from 102.1*9.2*9.**[500] to 216.218.206.86[8310] (40 
bytes)</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[NET] received packet: from 154.153.1*0.***[500] to 102.1*9.2*9.**[500] (632 bytes)</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] looking for an ike config for 102.1*9.2*9.**...154.153.1*0.***</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] candidate: %any...%any, prio 28</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] found matching ike config: %any...%any with prio 28</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received MS-Negotiation Discovery Capable vendor ID</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received Vid-Initial-Contact vendor ID</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] 154.153.1*0.*** is initiating an IKE_SA</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found</div><div class="gmail_default">Feb 15 05:11:49 
VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048</div><div class="gmail_default">Feb 15 05:11:49 
VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] candidate: %any...%any, prio 28</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] found matching ike config: %any...%any with prio 28</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received MS-Negotiation Discovery Capable vendor ID</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received Vid-Initial-Contact vendor ID</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] 154.153.1*0.*** is initiating an IKE_SA</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div 
class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, 
IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] remote host is behind NAT</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received proposals inacceptable</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</div><div class="gmail_default">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[NET] sending packet: from 102.1*9.2*9.**[500] to 154.153.1*0.***[500] (36 bytes)</div><div class="gmail_default">Feb 15 05:11:50 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a kernel: [68232.190082] [UFW BLOCK] IN=ens3 OUT= MAC=06:97:9c:00:00:8f:00:1d:b5:c0:a7:c0:08:00 SRC=154.153.1*0.*** DST=102.1*9.2*9.** LEN=52 TOS=0x10 PREC=0x20 TTL=116 ID=15775 DF PROTO=TCP SPT=54821 DPT=443 WINDOW=17520 RES=0x00 SYN URGP=0</div><div class="gmail_default">....</div><div><br></div></font></div><div 
style="font-family:tahoma,sans-serif"><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 14, 2019 at 5:37 PM MOSES KARIUKI <<a href="mailto:kariukims@gmail.com" target="_blank">kariukims@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family:tahoma,sans-serif">Thanks Tobias for the feedback. Let me try from another machine and revert back to you.</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Thanks a lot,</div><div style="font-family:tahoma,sans-serif">Moses K</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 14, 2019 at 5:30 PM Tobias Brunner <<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Moses,<br>
<br>
> But now it gives the error that it didn't<br>
> connect as the remote host did not resolve . :(<br>
<br>
That doesn't sound like it's in any way related to your previous issue.<br>
And until you fix that (DNS, firewall or whatever else the problem is)<br>
the config updates or the log won't help as the client won't send any<br>
packets to the server.<br>
<br>
Also, log level 9 makes no sense as 4 is the maximum and is too much<br>
either. Set it to 2 (even 1 would be enough to debug the proposal<br>
issue, though).<br>
<br>
Regards,<br>
Tobias<br>
</blockquote></div>
</blockquote></div>
</div></div>
</blockquote></div>
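<div>Added example, not part of the original thread and not strongSwan code: a small Python script that reads the two <code>[CFG]</code> proposal lines charon logs and reports, for every received/configured pair, which transform types share no algorithm. The sample log is constructed from the lines quoted above (host name shortened); the function names and the prefix-based transform classification are assumptions of this example.</div>

```python
import re

# Constructed sample: the two [CFG] lines quoted in this thread, host name shortened.
SAMPLE_LOG = """\
Feb 15 05:11:49 vpn charon: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
Feb 15 05:11:49 vpn charon: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
"""

TYPES = ("encr", "integ", "prf", "dh")
LINE_RE = re.compile(r"\[CFG\]\s+(received|configured) proposals:\s*(.+)$")


def transform_type(name):
    """Classify a transform by name prefix (heuristic, an assumption of this example)."""
    if name.startswith("PRF_"):
        return "prf"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    if name.startswith("HMAC_"):
        return "integ"
    return "encr"


def parse_proposal(text):
    """Turn 'IKE:A/B/C/D' into {'encr': {...}, 'integ': {...}, 'prf': {...}, 'dh': {...}}."""
    _, _, transforms = text.strip().partition(":")
    proposal = {t: set() for t in TYPES}
    for name in transforms.split("/"):
        if name:
            proposal[transform_type(name)].add(name)
    return proposal


def parse_log(log):
    """Return the last 'received' and 'configured' proposal lists found in the log.

    Use the full log file: `systemctl status` truncates long lines, which
    cuts proposals off mid-name.
    """
    found = {"received": [], "configured": []}
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            found[m.group(1)] = [parse_proposal(p) for p in m.group(2).split(",")]
    return found


def failing_types(received, configured):
    """Transform types for which the two proposals have no algorithm in common."""
    return [t for t in TYPES
            if (received[t] or configured[t]) and not (received[t] & configured[t])]


def closest_pairs(log):
    """(received index, configured index, failing types) for the nearest misses."""
    props = parse_log(log)
    pairs = [(i, j, failing_types(r, c))
             for i, r in enumerate(props["received"])
             for j, c in enumerate(props["configured"])]
    if not pairs:
        return []
    fewest = min(len(p[2]) for p in pairs)
    return [p for p in pairs if len(p[2]) == fewest]


if __name__ == "__main__":
    props = parse_log(SAMPLE_LOG)
    for i, j, failing in closest_pairs(SAMPLE_LOG):
        r, c = props["received"][i], props["configured"][j]
        if not failing:
            print(f"received #{i} matches configured #{j}")
            continue
        print(f"nearest miss: received #{i} vs configured #{j}")
        for t in failing:
            print(f"  {t}: client offers {sorted(r[t])}, server allows {sorted(c[t])}")
```

<div>For this log the nearest miss is the first received proposal against the first configured one, and it fails on the DH group alone (MODP_2048 offered, MODP_1024 configured). Since 1024-bit MODP is no longer considered adequate, the server's <code>ike=</code> line is the side to extend with a 2048-bit group rather than lowering the client.</div>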