[strongSwan] Tunnel established, but 'no acceptable ENCRYPTION_ALGORITHM found'

Jafar Al-Gharaibeh jafar at atcorp.com
Tue May 1 17:25:42 CEST 2018


     Makes sense, but just to understand what is going on and know how 
to read the logs, are you saying that each "ESP:" prefix signifies a 
separate proposal that is parsed independently (log below)? A single 
proposal might have one or more algorithms separated by slashes, correct ?


received proposals: 

On 5/1/2018 3:08 AM, Tobias Brunner wrote:
> Hi,
>> I see an error in the strongswan
>> logs and I'm not sure what is going on here, and what I should do to
>> correct this:
> There is nothing to correct as the connection gets successfully
> established.  If you have a closer look at the log you see that the
> client sends not one, but four ESP proposals.  The first one contains
> only AEAD algorithms (AES-GCM etc.), which won't match your configured
> proposal, hence, the "no acceptable ENCRYPTION_ALGORITHM found" message.
>   Then the second proposal is tried and that matches your configured
> proposal and is selected.
> Regards,
> Tobias

More information about the Users mailing list