[strongSwan] NO_PROPOSAL_CHOSEN with ikev2

Robert Wicks robwicks at gmail.com
Fri Jan 28 02:47:10 CET 2011 

I have gotten pluto working fine, but when I change my roadwarrior
configuration to use charon, I get errors about the proposal. With both of
my hosts on a private network (trying to make sure I can establish a local
connection before I worry with offsite connections), I see the following
debug output from the gateway:

Jan 27 20:40:21 gateway.linux.bogus syslog: 06[NET] received IPv4 packet =>
752 bytes @ 0x7e7fe974
Jan 27 20:40:21 gateway.linux.bogus syslog: 06[NET]    0: 45 00 02 F0 00 00
40 00 40 11 B1 ED C0 A8 02 BE  E..... at .@.......
Jan 27 20:40:21 gateway.linux.bogus syslog: 06[NET]   16: C0 A8 02 01 01 F4
01 F4 02 DC D7 81 15 C0 F3 CB  ................
Jan 27 20:40:21 gateway.linux.bogus syslog: 06[NET]   32: EA C1 A3 AE 00 00
00 00 00 00 00 00 21 20 22 08  ............! ".
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]   48: 00 00 00 00 00 00
02 D4 22 00 01 54 02 00 00 2C  ........"..T...,
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]   64: 01 01 00 04 03 00
00 0C 01 00 00 0C 80 0E 00 80  ................
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]   80: 03 00 00 08 03 00
00 02 03 00 00 08 02 00 00 02  ................
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]   96: 00 00 00 08 04 00
00 0E 02 00 00 28 02 01 00 04  ...........(....
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  112: 03 00 00 08 01 00
00 03 03 00 00 08 03 00 00 02  ................
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  128: 03 00 00 08 02 00
00 02 00 00 00 08 04 00 00 05  ................
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  144: 00 00 00 FC 03 01
00 1D 03 00 00 0C 01 00 00 0C  ................
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  640: BB 98 C4 77 26 CA
76 CF 80 5F AA D1 51 98 19 E0  ...w&.v.._..Q...
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  656: BF EA 54 7B 29 00
00 24 66 D7 B6 AF D4 20 98 02  ..T{)..$f.... ..
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  672: B4 CA E4 41 31 DE
1A 98 2C A0 95 EC 26 1F 3E F8  ...A1...,...&.>.
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  688: 93 EE 45 4B 83 DA
C0 DC 29 00 00 1C 00 00 40 04  ..EK....)..... at .
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  704: E7 2B D1 F9 91 C2
46 52 06 81 8D 53 89 DE DC 70  .+....FR...S...p
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  720: 3A 32 52 5A 00 00
00 1C 00 00 40 05 14 D3 22 61  :2RZ...... at ..."a
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET]  736: 2B 90 0E 74 F5 D5
42 59 AF 11 FD 18 E7 54 F8 66  +..t..BY.....T.f
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[NET] received packet: from
192.168.2.190[500] to 192.168.2.1[500]
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC] parsing header of
message
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC] parsing HEADER payload,
724 bytes left
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC] parsing payload from =>
724 bytes @ 0x46b600
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC]    0: 15 C0 F3 CB EA C1
A3 AE 00 00 00 00 00 00 00 00  ................
Jan 27 20:40:22 gateway.linux.bogus syslog: 06[ENC]   16: 21 20 22 08 00 00
00 00 00 00 02 D4 22 00 01 54  ! "........."..T
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]   32: 02 00 00 2C 01 01
00 04 03 00 00 0C 01 00 00 0C  ...,............
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]   48: 80 0E 00 80 03 00
00 08 03 00 00 02 03 00 00 08  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]   64: 02 00 00 02 00 00
00 08 04 00 00 0E 02 00 00 28  ...............(
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]   80: 02 01 00 04 03 00
00 08 01 00 00 03 03 00 00 08  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]   96: 03 00 00 02 03 00
00 08 02 00 00 02 00 00 00 08  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  112: 04 00 00 05 00 00
00 FC 03 01 00 1D 03 00 00 0C  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  128: 01 00 00 0C 80 0E
00 80 03 00 00 0C 01 00 00 0C  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  144: 80 0E 00 C0 03 00
00 0C 01 00 00 0C 80 0E 01 00  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  160: 03 00 00 08 01 00
00 03 03 00 00 08 03 00 00 05  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  176: 03 00 00 08 03 00
00 02 03 00 00 08 03 00 00 0C  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  192: 03 00 00 08 03 00
00 01 03 00 00 08 03 00 00 0D  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  208: 03 00 00 08 03 00
00 0E 03 00 00 08 02 00 00 04  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  224: 03 00 00 08 02 00
00 05 03 00 00 08 02 00 00 02  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  240: 03 00 00 08 02 00
00 01 03 00 00 08 02 00 00 06  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  256: 03 00 00 08 02 00
00 07 03 00 00 08 04 00 00 0E  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  272: 03 00 00 08 04 00
00 17 03 00 00 08 04 00 00 18  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  288: 03 00 00 08 04 00
00 05 03 00 00 08 04 00 00 13  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  304: 03 00 00 08 04 00
00 14 03 00 00 08 04 00 00 15  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  320: 03 00 00 08 04 00
00 1A 03 00 00 08 04 00 00 19  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  336: 03 00 00 08 04 00
00 10 03 00 00 08 04 00 00 12  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  352: 03 00 00 08 04 00
00 02 00 00 00 08 04 00 00 16  ................
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  368: 28 00 01 08 00 0E
00 00 40 32 A1 B5 23 DA E9 DC  (....... at 2..#...
Jan 27 20:40:23 gateway.linux.bogus syslog: 06[ENC]  384: CA 1D 66 7C 7B 6E
74 D2 70 7E D4 6F 3A BE F5 B3  ..f|{nt.p~.o:...
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  400: B1 7A 92 F3 8B 51
F6 DB B8 3C D8 C6 E6 76 D7 AD  .z...Q...<...v..
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  416: F4 38 9C 3A 1A 9C
C1 8A 9E 7F 21 07 91 39 AD D8  .8.:......!..9..
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  432: 2A 51 50 42 68 41
17 EB 93 56 CB 98 AB 17 37 42  *QPBhA...V....7B
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  448: F4 1B 6A DE 76 43
EE FB 83 F2 AE ED 38 B2 71 6D  ..j.vC......8.qm
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  464: 25 37 F4 B5 79 7B
CC AD 46 AC 9B F9 20 20 84 5F  %7..y{..F...  ._
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  480: 93 6C A3 E8 14 82
56 D6 50 9F E8 1B 27 39 31 C7  .l....V.P...'91.
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  496: 7D E8 C4 72 F4 1E
8B E5 40 23 29 29 A1 4B 46 1A  }..r....@#)).KF.
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  512: CC AB E7 14 DA 7B
14 7D D9 2A AA 8F EE F9 E8 6E  .....{.}.*.....n
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  528: B7 D0 5E 61 7B 91
5F 24 67 DD 3C F6 4B 42 02 44  ..^a{._$g.<.KB.D
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  544: 55 8D 50 EF F2 1B
A8 13 47 E1 B4 CE 1B C7 6E 45  U.P.....G.....nE
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  560: 22 8B 29 A9 79 6D
6D 7C 7B A0 13 56 72 23 30 E8  ".).ymm|{..Vr#0.
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  576: E7 7F A2 96 EE 51
F8 E6 C7 63 AA B5 BD C8 8E 7B  .....Q...c.....{
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  592: 83 28 78 89 E4 46
D5 01 1A FD B3 89 78 24 28 79  .(x..F......x$(y
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  608: 70 A8 0B 26 BB 98
C4 77 26 CA 76 CF 80 5F AA D1  p..&...w&.v.._..
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  624: 51 98 19 E0 BF EA
54 7B 29 00 00 24 66 D7 B6 AF  Q.....T{)..$f...
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  640: D4 20 98 02 B4 CA
E4 41 31 DE 1A 98 2C A0 95 EC  . .....A1...,...
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  656: 26 1F 3E F8 93 EE
45 4B 83 DA C0 DC 29 00 00 1C  &.>...EK....)...
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  672: 00 00 40 04 E7 2B
D1 F9 91 C2 46 52 06 81 8D 53  .. at ..+....FR...S
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  688: 89 DE DC 70 3A 32
52 5A 00 00 00 1C 00 00 40 05  ...p:2RZ...... at .
Jan 27 20:40:24 gateway.linux.bogus syslog: 06[ENC]  704: 14 D3 22 61 2B 90
0E 74 F5 D5 42 59 AF 11 FD 18  .."a+..t..BY....
Jan 27 20:40:24 gateway.linux.bogus syslog: 05[ENC]   parsing rule 0
U_INT_8
Jan 27 20:40:24 gateway.linux.bogus syslog: 05[ENC]    => 34
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]    => 0
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]    => 2
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]   80: 80 0E 00 80 03 00
00 0C 01 00 00 0C 80 0E 00 C0  ................
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]    => 4
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]    => 14
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]    => 2
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]    => 1
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]  272: 04 00 00 16 28 00
01 08 00 0E 00 00 40 32 A1 B5  ....(....... at 2..
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] parsing
TRANSFORM_SUBSTRUCTURE payload, 616 bytes left
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]  208: 04 00 00 19 03 00
00 08 04 00 00 10 03 00 00 08  ................
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]  336: 14 82 56 D6 50 9F
E8 1B 27 39 31 C7 7D E8 C4 72  ..V.P...'91.}..r
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] parsing payload from =>
548 bytes @ 0x46b6b0
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]   80: 03 00 00 08 04 00
00 18 03 00 00 08 04 00 00 05  ................
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC] parsing
TRANSFORM_SUBSTRUCTURE payload finished
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]   96: 03 00 00 08 04 00
00 02 00 00 00 08 04 00 00 16  ................
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]   64: 03 00 00 08 04 00
00 02 00 00 00 08 04 00 00 16  ................
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]  240: 22 8B 29 A9 79 6D
6D 7C 7B A0 13 56 72 23 30 E8  ".).ymm|{..Vr#0.
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]   32: 70 7E D4 6F 3A BE
F5 B3 B1 7A 92 F3 8B 51 F6 DB  p~.o:....z...Q..
Jan 27 20:40:25 gateway.linux.bogus syslog: 05[ENC]   parsing rule 6
RESERVED_BIT


My client shows
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.2.190[500] to 192.168.2.1[500]
received packet: from 192.168.2.1[500] to 192.168.2.190[500]
parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN notify error

My ipsec.conf file on the gateway:

config setup
nat_traversal=yes
 strictcrlpolicy=no
charondebug=all
plutostart=no
 conn nat-t
authby=rsasig
keyexchange=ikev2
 leftfirewall=yes
left=%defaultroute
leftcert=server.crt
 rightsubnetwithin=10.3.0.0/16
leftsubnet=192.168.2.0/24
 right=%any
auto=add

On the client:

conn home
left=%defaultroute
leftcert=toshiba.crt
leftsourceip=%config
 leftauth=rsasig
leftfirewall=yes
keyexchange=ikev2
 right=192.168.2.1
rightcert=server.crt
auto=add

I find it odd that ikev1 works and ikev2 fails, with Strongswan on both
sides. I haven't even gotten to trying to get Windows 7 working as a client.


-- 
Rob Wicks
robwicks at gmail.com
http://robwicks.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110127/6f8a4f84/attachment.html>

More information about the Users mailing list