[strongSwan] DH group MODP_2048 inacceptable, requesting MODP_1024

Kevin Clark kevin.clark at csoft.co.uk
Fri Jan 21 16:10:46 CET 2011

> Your responder configuration uses the IKE proposal
>   ike=aes256-sha1-modp1024!
> making modp2048 unacceptable. Please double check ipsec.conf and update
> your proposal configuration.

I have double-checked ipsec.conf and can confirm that an ike configuration is not defined in either a default or specific connection.  

In the absence of an ike configuration in ipsec.conf I would have expected all registered algorithms to be supported, but this does not seem to be the case here.

More information about the Users mailing list