[strongSwan] Regarding Installation issue in strongswan
Martin Willi
martin at strongswan.org
Mon Nov 19 09:41:13 CET 2012
Hi,
> 13[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
> 13[IKE] no acceptable proposal found
> 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(NO_PROP) ]
Your client sends a DH group in the CHILD_SA proposals in IKE_AUTH. This
seems wrong, as a DH exchange is never done in IKE_AUTH. The proposal
would match in a CREATE_CHILD_SA (as you can do a DH exchange there),
but not in IKE_AUTH.
Regards
Martin
More information about the Users
mailing list