[strongSwan] strongswan host to host setup problem
Randy Wyatt
rwwyatt01 at gmail.com
Fri Jul 17 00:10:44 CEST 2015
Have you tried limiting the proposals supported?
ike=aes128-sha1-modp1024
esp=aes128-sha1
If you don't specify the proposal, everything is sent. Can you increase
the debugging on ike so we can look a little more at the proposal and
configured?
Regards,
Randy
On Thu, Jul 16, 2015 at 2:08 PM, Aaron <hawaiiaaron at gmail.com> wrote:
> Hi, I have strongswan setup in a host to host configuration using a shared
> secret for testing, but am not able to get it to establish a tunnel. The
> left side attempts to retransmit packets till it gives up and on the right
> side I receive this error. Any help appreciated. Thanks!
>
> Jul 16 21:01:19 vpn02 charon: 12[NET] received packet: from
> 10.100.1.20[500] to 10.100.1.131[500] (36 bytes)
> Jul 16 21:01:19 vpn02 charon: 12[ENC] parsed IKE_SA_INIT response 0 [
> N(NO_PROP) ]
> Jul 16 21:01:19 vpn02 charon: 12[IKE] received NO_PROPOSAL_CHOSEN notify
> error
>
> #ipsec.conf file
> #right side and leftside are identical
> config setup
> charondebug=all
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev2
> authby=psk
>
> conn rw
> left=10.100.1.20
> leftid=10.100.1.20
> leftfirewall=no
> right=10.100.1.131
> rightid=10.100.1.131
> auto=start
> authby=psk
>
> # ipsec.secrets file
> : PSK "mypsksecret"
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150716/34478fa8/attachment.html>
More information about the Users
mailing list