[strongSwan] Tunnel established, but 'no acceptable ENCRYPTION_ALGORITHM found'
jafar at atcorp.com
Tue May 1 17:25:42 CEST 2018
Makes sense, but just to understand what is going on and know how
to read the logs, are you saying that each "ESP:" prefix signifies a
separate proposal that is parsed independently (log below)? A single
proposal might have one or more algorithms separated by slashes, correct ?
On 5/1/2018 3:08 AM, Tobias Brunner wrote:
>> I see an error in the strongswan
>> logs and I'm not sure what is going on here, and what I should do to
>> correct this:
> There is nothing to correct as the connection gets successfully
> established. If you have a closer look at the log you see that the
> client sends not one, but four ESP proposals. The first one contains
> only AEAD algorithms (AES-GCM etc.), which won't match your configured
> proposal, hence, the "no acceptable ENCRYPTION_ALGORITHM found" message.
> Then the second proposal is tried and that matches your configured
> proposal and is selected.
More information about the Users