[strongSwan] Regarding Installation issue in strongswan

Martin Willi martin at strongswan.org
Mon Nov 19 09:41:13 CET 2012


Hi,

> 13[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
> 13[IKE] no acceptable proposal found
> 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(NO_PROP) ]

Your client sends a DH group in the CHILD_SA proposals in IKE_AUTH. This
seems wrong, as a DH exchange is never done in IKE_AUTH. The proposal
would match in a CREATE_CHILD_SA (as you can do a DH exchange there),
but not in IKE_AUTH.

Regards
Martin





More information about the Users mailing list