[strongSwan] strongswan 5.4.0 and sophos sg 310

fatcharly at gmx.de fatcharly at gmx.de
Wed Oct 19 12:44:30 CEST 2016


I´m using a strongswan-5.4.0-2.el7.x86_64 on a CentOS 7. I´m trying to build a Site-Site-VPN connection with the following proposals:
DH-Group 14, AES-CBC-256, SHA2_256 (given by the Partnerside/sophos SG 310).
So I´m using this for a Connection :
ike=aes256-sha256-modp2048!

But I always get a:
received packet: from Partnerside[500] to Myside[500] (64 bytes)
parsed INFORMATIONAL_V1 request 0 [ N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'connectionname' failed

This is my configuration:
conn connectionname
        left=my IP
        leftsubnet=my Subnet
        leftid=my IP
        right=PartnerIp
        rightsubnet=Partner subnet
        rightid=PartnerIp
        authby=secret
        auto=start
        ikelifetime=28800s
        keylife=3600s
        keyexchange=ikev1
        ike=aes256-sha256-modp2048!
        esp=aes256-sha256-modp2048!

Is there something wrong in my configuration or how can I troubleshoot this problem ? I allready did a "loglevel 4" but I didn`t get any further. 

Any suggestions are welcome.

Kind regards
fatcharly


More information about the Users mailing list