<div dir="ltr">Hi,<div><br></div><div>Try removing <br><span style="font-family:monospace"> local_addrs = %any</span><br style="font-family:monospace"><span style="font-family:monospace"> remote_addrs = %any</span> <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Aug 29, 2020 at 4:33 AM Houman <<a href="mailto:houmie@gmail.com">houmie@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello everyone,<br><br>I'm trying to migrate from the legacy ipsec.conf to the new swanctl.conf.<br>I'm following this page: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf</a><br><br>I have compiled the latest StrongSwan 5.9.<br><br>After converting everything carefully, I'm getting this error when connecting:<br>no IKE config found, sending NO_PROPOSAL_CHOSEN<br><br>My original working ipsec.conf is:<br><br><font face="monospace">config setup<br> strictcrlpolicy=yes<br> uniqueids=never<br>conn ${SERVERNAME}<br> auto=add<br> compress=no<br> type=tunnel<br> keyexchange=ikev2<br> fragmentation=yes<br> forceencaps=yes<br> ike=aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-modp4096-modp2048, aes256-sha256-ecp521-ecp256-modp4096-modp2048!<br> esp=aes256gcm16-aes192gcm16-aes128gcm16-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1!<br> dpdaction=clear<br> dpddelay=180s<br> dpdtimeout=3600s<br> rekey=no<br> left=%any<br> leftid=@${VPNHOST}<br> leftcert=cert.pem<br> leftsendcert=always<br> leftsubnet=0.0.0.0/0, ::/0<br> right=%any<br> rightid=%any<br> rightauth=eap-radius<br> eap_identity=%any<br> rightdns=${DNS1},${DNS2}<br> rightsourceip=${VPNIPPOOL},${VPNIP6POOL}<br> leftfirewall=no</font><br><br>The new 
/etc/swanctl/swanctl.conf that I created based on the above is:<br><br><font face="monospace">connections {<br> ${SERVERNAME} {<br> version = 2<br> local_addrs = %any<br> remote_addrs = %any<br> proposals = aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-modp4096-modp2048, aes256-sha256-ecp521-ecp256-modp4096-modp2048<br> encap = yes<br> mobike = yes<br> dpd_delay = 180s<br> fragmentation = yes<br> send_cert = always<br> unique = never<br> pools = MyPool<br> local {<br> certs = cert.pem<br> id = @${VPNHOST}<br> }<br> remote {<br> id = %any<br> eap_id = %any<br> revocation = strict<br> auth = eap-radius<br> children {<br> child_name {<br> esp_proposals = aes256gcm16-aes192gcm16-aes128gcm16-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1<br> local_ts = dynamic<br> mode = tunnel<br> dpd_action = clear<br> ipcomp = no<br> start_action = none<br> }<br> }<br> }<br>}<br>pools {<br> MyPool {<br> addrs = ${VPNIPPOOL},${VPNIP6POOL}<br> dns = ${DNS1},${DNS2}<br> }<br>}<br>include conf.d/*.conf</font><div><font face="monospace"><br></font></div><div><font face="arial, sans-serif">What could be the reason that it doesn't work?</font></div><div><font face="arial, sans-serif">Many Thanks,</font></div><div><font face="arial, sans-serif">Houman</font></div></div>
</blockquote></div>
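<div dir="ltr">An added example, not part of either message and not strongSwan code: a small Python check that walks the braces of a swanctl.conf and reports where each section ends up nested, run here on a trimmed copy of the configuration posted above. It assumes one section opener or closing brace per line, as in the post; <span style="font-family:monospace">section_paths</span> and <span style="font-family:monospace">misplaced</span> are hypothetical helper names.</div>

```python
import re

TOP_LEVEL = {"connections", "secrets", "pools", "authorities"}  # swanctl.conf top-level sections

# Constructed input: the posted swanctl.conf trimmed to one key, every "{" and "}" in posted order.
POSTED = """\
connections {
${SERVERNAME} {
local {
}
remote {
auth = eap-radius
children {
child_name {
}
}
}
}
pools {
MyPool {
}
}
"""

def section_paths(text):
    """Return (paths, unclosed): dotted path of each section, and sections still open at EOF."""
    stack, paths = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and indentation
        opened = re.fullmatch(r"(\S+)\s*\{", line)  # a "name {" section opener
        if opened:
            stack.append(opened.group(1))
            paths.append(".".join(stack))
        elif line == "}":
            if not stack:
                raise ValueError("'}' without an open section")
            stack.pop()
    return paths, stack

def misplaced(paths):
    """Flag sections whose nesting does not match the swanctl.conf layout."""
    bad = []
    for path in paths:
        parts = path.split(".")
        if len(parts) > 1 and parts[-1] in TOP_LEVEL:
            bad.append(path)   # a top-level section name nested inside another section
        elif parts[-1] == "children" and (len(parts) != 3 or parts[0] != "connections"):
            bad.append(path)   # children belongs at connections.<conn>.children
    return bad
```

<div dir="ltr">On the posted structure, <span style="font-family:monospace">misplaced(section_paths(POSTED)[0])</span> lists the children section under remote and the pools section under connections, and the second return value of <span style="font-family:monospace">section_paths</span> shows connections still open at end of file.</div>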