[strongSwan] Having a problem creating a basic Site-to-Site config !!

Shashi Yash shashi007 at gmail.com
Thu Aug 25 00:58:51 CEST 2011 

Trying to setup ipsec site to site scenario on two red hat machines. I
get the following error: "no acceptable proposal found" on both
machines. Can you guys please tell me why I'm getting the following
error.

I jave pasted the configs and logs from both machines.

RH1: ipsec.conf
conn net-net
       left=10.19.61.35
       leftsubnet=192.168.100.0/24
       leftcert=rh1_Cert.pem
       right=10.19.61.67
       rightsubnet=192.168.200.0/24
       leftid="C=us, ST=il, O=ics, OU=mp, CN=RH6-1"
       auto=start
       ike=3des
       esp=aes256gcm16-modp1024-modp2048,aes128gcm16-modp1024-modp2048



RH2:ipsec.conf
conn net-net
  left=10.19.61.67
  leftsubnet=192.168.200.0/24
  leftcert=rh2_Cert.pem
  right=10.19.61.35
  rightsubnet=192.168.100.0/24
  rightid="C=us, ST=il, O=ics, OU=mp, CN=RH6-2"
  auto=start
  ike=3des
  esp=aes256gcm16-modp1024-modp2048,aes128gcm16-modp1024-modp2048


RH1 Log:
-------------------
13[NET] received packet: from 10.19.61.67[500] to 10.19.61.35[500]
13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
13[IKE] 10.19.61.67 is initiating an IKE_SA
13[IKE] no acceptable proposal found
13[ENC] generating IKE_SA_INIT response 0 [ ]
13[NET] sending packet: from 10.19.61.35[500] to 10.19.61.67[500]
14[NET] received packet: from 10.19.61.67[500] to 10.19.61.35[500]
14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
14[IKE] 10.19.61.67 is initiating an IKE_SA
14[IKE] no acceptable proposal found


RH2 Log:
---------------------

10[IKE] initiating IKE_SA net-net[1] to 10.19.61.35
10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
10[NET] sending packet: from 10.19.61.67[500] to 10.19.61.35[500]
11[NET] received packet: from 10.19.61.35[500] to 10.19.61.67[500]
11[ENC] payload of type SECURITY_ASSOCIATION not occurred 1 times (0)
11[IKE] IKE_SA_INIT response with message ID 0 processing failed
12[IKE] retransmit 1 of request with message ID 0
12[NET] sending packet: from 10.19.61.67[500] to 10.19.61.35[500]
13[NET] received packet: from 10.19.61.35[500] to 10.19.61.67[500]
13[ENC] payload of type SECURITY_ASSOCIATION not occurred 1 times (0)
13[IKE] IKE_SA_INIT response with message ID 0 processing failed
14[NET] received packet: from 10.19.61.35[500] to 10.19.61.67[500]
14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
14[IKE] 10.19.61.35 is initiating an IKE_SA
14[IKE] no acceptable proposal found

Thanks in Advance
-shashi..

More information about the Users mailing list