[strongSwan] IKEV2 Suite B ECDSA-384 certificates with Windows not working - IKEv2 Error 13806

Martin Willi martin at strongswan.org
Mon Jul 16 09:20:41 CEST 2012


> ike=aes256-sha384-ecp384! in the ipsec.conf settings and
> keyexchange=ikev2

> Now I cannot get Windows clients to work. 

> If I use non Suite B encryption settings everything works fine

Unfortunately, the Windows 7 IKEv2 Agile VPN client on Windows does not
support these algorithms. I don't know of an option to enable Suite B
algorithms in IKEv2.

On the strongSwan responder, if the proposal selection fails, you should
get a list of algorithms that have been offered by the client. This
usually includes aes256, sha1 and modp1024, but depends on the "data
encryption" profile selected in the client connection (optional
encryption, require encryption, or maximum strength encryption).
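
The check described above, as an added example that is not part of the original post: a small Python script that reads responder log lines and lists which configured IKE transforms the client never offered. The sample log lines are constructed and assume the "received proposals:" / "configured proposals:" message format that charon writes when proposal selection fails; the function names are hypothetical.

```python
import re

# Constructed sample lines (not from the thread); format assumed to follow
# charon's "received proposals:" / "configured proposals:" messages.
SAMPLE_LOG = """\
Jul 16 09:01:12 gw charon: 07[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 16 09:01:12 gw charon: 07[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384
Jul 16 09:01:12 gw charon: 07[IKE] received proposals inacceptable
"""

# Matches only the two list-bearing messages (note the colon after "proposals").
PROPOSALS_RE = re.compile(r"\b(received|configured) proposals: (.+)$")


def transforms(proposal_list):
    """Flatten 'IKE:A/B, IKE:C/D' into the set of transform names."""
    names = set()
    for proposal in proposal_list.split(","):
        _proto, _, body = proposal.strip().partition(":")
        names.update(t for t in body.split("/") if t)
    return names


def explain_mismatch(log_text):
    """Compare what the client offered with what the responder is configured for.

    A configured transform that appears in none of the client's proposals
    means no proposal can match when the responder uses a strict ('!') list.
    """
    seen = {"received": set(), "configured": set()}
    for line in log_text.splitlines():
        match = PROPOSALS_RE.search(line)
        if match:
            seen[match.group(1)] |= transforms(match.group(2))
    return {
        "offered": sorted(seen["received"]),
        "configured": sorted(seen["configured"]),
        "missing": sorted(seen["configured"] - seen["received"]),
    }


if __name__ == "__main__":
    result = explain_mismatch(SAMPLE_LOG)
    print("client offered:     ", ", ".join(result["offered"]))
    print("responder requires: ", ", ".join(result["configured"]))
    print("never offered:      ", ", ".join(result["missing"]))
```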

