[strongSwan] Strongswan + iOS8, selecting proposal no acceptable ENCRYPTION_ALGORITHM found

Luka Hlastec luka.hlastec at gmail.com
Thu Dec 25 19:09:52 CET 2014


Hi list!
I'm trying to set up strongSwan on a Raspberry Pi (Linux strongSwan
U5.0.4/K3.10.24+) following this guide:
https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/
But when I try to connect (iPhone6, iOS8), I get the following message (on
the phone): "Could not validate the server certificate."
And in the strongSwan log, there is an error message:
Dec 25 18:56:41 raspberrypi2 charon: 01[IKE] 188.196.21.100 is initiating a Main Mode IKE_SA
Dec 25 18:56:41 raspberrypi2 charon: 01[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Dec 25 18:56:41 raspberrypi2 charon: 01[CFG] selecting proposal:
Dec 25 18:56:41 raspberrypi2 charon: 01[CFG]   no acceptable ENCRYPTION_ALGORITHM found
...
Dec 25 18:56:52 raspberrypi2 charon: 14[IKE] sending retransmit 2 of request message ID 3559788435, seq 1
Dec 25 18:56:52 raspberrypi2 charon: 14[NET] sending packet: from 192.168.2.102[4500] to 188.196.21.100[4500] (76 bytes)
Dec 25 18:56:52 raspberrypi2 charon: 03[NET] sending packet: from 192.168.2.102[4500] to 188.196.21.100[4500]
Dec 25 18:57:05 raspberrypi2 charon: 01[IKE] sending retransmit 3 of request message ID 3559788435, seq 1
Dec 25 18:57:05 raspberrypi2 charon: 01[NET] sending packet: from 192.168.2.102[4500] to 188.196.21.100[4500] (76 bytes)
Dec 25 18:57:05 raspberrypi2 charon: 03[NET] sending packet: from 192.168.2.102[4500] to 188.196.21.100[4500]
Dec 25 18:57:11 raspberrypi2 charon: 11[JOB] deleting half open IKE_SA after timeout
Dec 25 18:57:11 raspberrypi2 charon: 11[IKE] IKE_SA CiscoIPSec[1] state change: CONNECTING => DESTROYING

See full log here:
https://dl.dropboxusercontent.com/u/2261256/forums/daemon.log.txt

And here is the ipsec.conf file:
# ipsec.conf - strongSwan IPsec configuration file

config setup
    uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=vpnHostCert.pem
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=172.16.16.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any

conn CiscoIPSec
    keyexchange=ikev1
    # forceencaps=yes
    rightauth=pubkey
    rightauth2=xauth
    auto=add

Any idea what to do to fix the problem?

Thanks!
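
An added example, not part of the original message: one way to see which IKE encryption algorithms a conn ends up with once conn %default and also= are resolved, here for CiscoIPSec, the conn named in the log above. The sample config is a shortened, constructed copy of the one posted, and the function names are hypothetical.

```python
# Constructed sample: the posted ipsec.conf shortened (ike= cut to three entries).
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha1-modp1024!

conn IPSec-IKEv2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"

conn CiscoIPSec
    keyexchange=ikev1
    auto=add
"""

def parse_conns(text):
    """Return {conn name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif not line[0].isspace():  # another section, e.g. "config setup"
            current = None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective(conns, name, seen=()):
    """Merge %default, then also= parents, then the conn's own keys."""
    merged = dict(conns.get("%default", {}))
    own = dict(conns[name])
    parent = own.pop("also", None)
    if parent and parent not in seen:
        merged.update(effective(conns, parent, seen + (name,)))
    merged.update(own)
    return merged

def ike_ciphers(conn):
    """Return (encryption algorithms named in ike=, strict flag)."""
    value = conn.get("ike", "")
    proposals = [p for p in value.rstrip("!").split(",") if p]
    return {p.split("-")[0] for p in proposals}, value.endswith("!")

if __name__ == "__main__":
    print(ike_ciphers(effective(parse_conns(SAMPLE_CONF), "CiscoIPSec")))
```

For CiscoIPSec this returns aes128 and aes256 with the strict flag set: the conn inherits ike= from conn %default, and the trailing ! restricts it to the listed proposals.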