[strongSwan] Tunnel established, but 'no acceptable ENCRYPTION_ALGORITHM found'
Jafar Al-Gharaibeh
jafar at atcorp.com
Tue May 1 17:25:42 CEST 2018
Tobias,
Makes sense, but just to understand what is going on and know how
to read the logs, are you saying that each "ESP:" prefix signifies a
separate proposal that is parsed independently (log below)? A single
proposal might have one or more algorithms separated by slashes, correct?
Thanks,
Jafar
received proposals:
ESP:AES_GCM_16_128/AES_GCM_16_256/CHACHA20_POLY1305_256/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/NO_EXT_SEQ
On 5/1/2018 3:08 AM, Tobias Brunner wrote:
> Hi,
>
>> I see an error in the strongswan
>> logs and I'm not sure what is going on here, and what I should do to
>> correct this:
> There is nothing to correct as the connection gets successfully
> established. If you have a closer look at the log you see that the
> client sends not one, but four ESP proposals. The first one contains
> only AEAD algorithms (AES-GCM etc.), which won't match your configured
> proposal, hence, the "no acceptable ENCRYPTION_ALGORITHM found" message.
> Then the second proposal is tried and that matches your configured
> proposal and is selected.
>
> Regards,
> Tobias
>
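The reading of the "received proposals" log discussed in this thread, as an added example that is not part of the original messages and is not strongSwan's code: each comma-separated `ESP:` entry is parsed as its own proposal and checked against one configured proposal. The configured proposal, the function names, and the simplified matching rule (at least one common algorithm per transform type) are assumptions.

```python
import re

# Constructed from the "received proposals" log lines quoted in the thread.
LOG = ("ESP:AES_GCM_16_128/AES_GCM_16_256/CHACHA20_POLY1305_256/NO_EXT_SEQ, "
       "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, "
       "ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ, "
       "ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/"
       "HMAC_SHA2_384_192/HMAC_SHA2_512_256/NO_EXT_SEQ")

# Assumption: the thread never shows the responder's configured proposal.
CONFIGURED = "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ"

TYPES = ("ENCRYPTION_ALGORITHM", "INTEGRITY_ALGORITHM", "EXTENDED_SEQUENCE_NUMBERS")

def transform_type(token):
    """Classify one token (covers only the token families seen in this log)."""
    if token.endswith("EXT_SEQ"):
        return TYPES[2]
    if token.startswith("HMAC_"):
        return TYPES[1]
    if token.startswith(("AES_", "CHACHA20_")):
        return TYPES[0]
    raise ValueError(f"unrecognised algorithm token: {token}")

def parse_proposal(text):
    """'ESP:A/B/C' -> ('ESP', {transform type: [algorithms]})."""
    proto, _, algs = text.strip().partition(":")
    by_type = {t: [] for t in TYPES}
    for token in algs.split("/"):
        by_type[transform_type(token)].append(token)
    return proto, by_type

def first_mismatch(received, configured):
    """Return the first transform type with no algorithm in common, else None."""
    for t in TYPES:
        r, c = received[1][t], configured[1][t]
        if (r or c) and not set(r) & set(c):
            return t
    return None

def evaluate(log, configured=CONFIGURED):
    """Check every received proposal independently against the configured one."""
    cfg = parse_proposal(configured)
    return [(p, first_mismatch(parse_proposal(p), cfg))
            for p in re.split(r",\s*", log.strip())]

def selected_index(results):
    """Index of the first received proposal that matched, or None."""
    return next((i for i, (_, miss) in enumerate(results) if miss is None), None)

if __name__ == "__main__":
    for text, miss in evaluate(LOG):
        print("match" if miss is None else f"no acceptable {miss} found", "<-", text)
```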