[strongSwan] How to use ah keyword for windows 7 L2TP/IPSec
Martin Willi
martin at strongswan.org
Tue Nov 19 11:37:59 CET 2013
Hi,
> but when I add ah keyword which available since 5.1.1 as ah=md5,
Please be aware that we support plain AH only, no ESP+AH SA bundles
where AH integrity-protects ESP-encrypted packets.
> 16[CFG] selected proposal: AH:HMAC_MD5_96/NO_EXT_SEQ
> 03[ENC] parsed INFORMATIONAL_V1 request 1083309842 [ HASH N(NO_PROP) ]
> 03[IKE] received NO_PROPOSAL_CHOSEN error notify
I'm not sure what exactly Windows uses with L2TP/IPsec. But if it wants
to use ESP+AH bundles that would perfectly explain the
NO_PROPOSAL_CHOSEN it sends upon our AH-only selection.
Regards
Martin
More information about the Users
mailing list