[strongSwan] Eap-mschapv2 and windows 7 64bit is not working (received proposals inacceptable)

Andreas Steffen andreas.steffen at strongswan.org
Sun Aug 19 08:52:29 CEST 2012


Hi,

aes is a synonym for aes128. Try aes256 which is the only key size
Windows 7 supports.

Best regards

Andreas

On 08/18/2012 02:08 PM, Hamid Zamani wrote:
> Hello,
> 
> I've configured a Debian server with strongSwan v4.4.1. Setup completed
> with eap-mschapv2. My ipsec.conf is below:
> 
> config setup
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     plutostart=no
> 
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
> 
> conn rw
>     left=62.141.34.190
>     leftauth=pubkey
>     leftcert=moonCert.pem
>     leftid="C=xx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.xxxx.xx, E=xx"
>     leftsubnet=0.0.0.0/0
>     #leftfirewall=yes
>     right=%any
>     rightsourceip=10.10.9.0/24
>     auto=add
>     rightauth=eap-mschapv2
>     rightsendcert=never
>     eap_identity=%any
>     ike=aes-sha1-modp1024!
>     esp=aes-sha1!
>     dpdaction=clear
>     dpddelay=300s
> 
> =========================
> 
> I verified the certificate and it is no problem, but when I connect
> from Windows 7 this info is submitted at daemon.log:
> 
> Aug 18 08:03:52 debian charon: 16[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> Aug 18 08:03:52  debian  charon: 16[IKE] remote host is behind NAT
> Aug 18 08:03:52  debian  charon: 16[IKE] received proposals inacceptable
> Aug 18 08:03:52  debian  charon: 16[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
> Aug 18 08:03:52  debian  charon: 16[NET] sending packet: from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500]
> 
> And according to these logs it configures proposals, but two lines later shows
> "received proposals inacceptable". It's so strange, why?
> 
> Of course I don't know, but I can't use aes256 with Windows 7 and it shows
> 13801 error!
> 
> Thank you 

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
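
The proposal mismatch discussed in this thread, as an added example that is not part of the original messages or of strongSwan's code: it expands a strict (`!`) `ike=` value into the log notation shown in the post and reports which transform type has no overlap with a peer's offer. The `RECEIVED` line is constructed (the post does not show the peer's proposals), the keyword table covers only the keywords on this page plus `aes256`, and all function names are hypothetical.

```python
import re

# ipsec.conf keyword -> charon log tokens (this page's keywords plus aes256 only).
KEYWORDS = {
    "aes": ["AES_CBC_128"], "aes128": ["AES_CBC_128"], "aes256": ["AES_CBC_256"],
    "sha1": ["HMAC_SHA1_96", "PRF_HMAC_SHA1"], "modp1024": ["MODP_1024"],
}
PREFIXES = (("PRF_", "PRF"), ("HMAC_", "INTEG"), ("MODP_", "DH"), ("ECP_", "DH"))

def transform_type(token):
    """Classify a log token by IKEv2 transform type; anything else is ENCR."""
    for prefix, kind in PREFIXES:
        if token.startswith(prefix):
            return kind
    return "ENCR"

def by_type(tokens):
    """Group the tokens of one proposal by transform type."""
    groups = {}
    for tok in tokens:
        groups.setdefault(transform_type(tok), set()).add(tok)
    return groups

def expand_ike(value):
    """Expand e.g. 'aes-sha1-modp1024!' into log tokens grouped by type."""
    return by_type(t for kw in value.rstrip("!").split("-") for t in KEYWORDS[kw])

def parse_proposals(log_line):
    """Parse a charon '... proposals:' line into a list of grouped proposals."""
    body = log_line.split("proposals:", 1)[1]
    return [by_type(p.split("/")) for p in re.findall(r"IKE:([A-Z0-9_/]+)", body)]

def diagnose(ike_value, received_line):
    """Return (acceptable, mismatches): the failing transform types per offer."""
    configured = expand_ike(ike_value)
    mismatches = []
    for offer in parse_proposals(received_line):
        failing = sorted(t for t in configured if not configured[t] & offer.get(t, set()))
        if not failing:
            return True, []
        mismatches.append(failing)
    return False, mismatches

# Constructed sample: a peer offering only AES-256, in the page's log notation.
RECEIVED = ("charon: 16[CFG] received proposals: "
            "IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024")

if __name__ == "__main__":
    for ike in ("aes-sha1-modp1024!", "aes256-sha1-modp1024!"):
        print(ike, diagnose(ike, RECEIVED))
```
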