[strongSwan] Connecting but not connected
Tobias Brunner
tobias at strongswan.org
Mon Aug 19 12:16:59 CEST 2019
Hi Stephen,
> I
> will send updates for push and pull separately. Sorry for all the emails...
Don't bother with `push`, it's definitely not the way to go.
The problem now are your either the ESP algorithm proposals and/or the
traffic selectors (`left|rightsubnet`). Start with
`rightsubnet=0.0.0.0/0` as that's what's usually used for roadwarriors
(if L2TP should be used you can experiment with restricting the
ports/protocols too). If you still get a NO_PROPOSAL_CHOSEN notify try
adding `esp=aes128-sha1-modp2048` (that matches the IKE proposal,
however, if you actually have more specific information regarding the
ESP/IPsec proposal from your admin, use that).
Regards,
Tobias
More information about the Users
mailing list