[strongSwan] Eap-mschapv2 and windows 7 64bit is not working (received proposals inacceptable)
Hamid Zamani
if.else.fi at gmail.com
Sat Aug 18 14:08:06 CEST 2012
Hello,
I've configured a debian server with Strongswan v4.4.1 . Setup completed
with eap-mschapv2 . my ipsec.conf is below :
config setup
crlcheckinterval=180
strictcrlpolicy=no
plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
conn rw
left=62.141.34.190
leftauth=pubkey
leftcert=moonCert.pem
leftid="C=xx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.xxxx.xx, E=xx"
leftsubnet=0.0.0.0/0
#leftfirewall=yes
right=%any
rightsourceip=10.10.9.0/24
auto=add
rightauth=eap-mschapv2
rightsendcert=never
eap_identity=%any
ike=aes-sha1-modp1024!
esp=aes-sha1!
dpdaction=clear
dpddelay=300s
=========================
I verified the certificate and it is no problem , but when i connect from
windows 7 this info is submitted at daemon.log . :
Aug 18 08:03:52 debian charon: 16[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 18 08:03:52 debian charon: 16[IKE] remote host is behind NAT
Aug 18 08:03:52 debian charon: 16[IKE] received proposals inacceptable
Aug 18 08:03:52 debian charon: 16[ENC] generating IKE_SA_INIT response 0
[ N(NO_PROP) ]
Aug 18 08:03:52 debian charon: 16[NET] sending packet: from
xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500]
and according to these logs it config propasals but two line later shows
"received proposals inacceptable" it's so strange why ?
of course i don't know but i cant use aes256 with windows 7 and it shows
13801 error !
Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120818/def30f59/attachment.html>
More information about the Users
mailing list