[strongSwan] DH group MODP_2048 inacceptable, requesting MODP_1024
Martin Willi
martin at strongswan.org
Wed Jan 19 14:11:00 CET 2011
Hi Kevin,
> [IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
> So why does the responder reject MODP_2048 when it is a supported algorithm?
MODP_2048 must not only be supported, it also must be contained in the
configured IKE proposal. As you didn't specify any ike= keyword in
ipsec.conf, it actually should, and I don't see why the responder
doesn't accept it.
Could you increase the log level of "cfg" to 2 (see [1]) and send us the
responder log?
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
More information about the Users
mailing list