[strongSwan] Error : remote host is behind NAT - received proposals inacceptable - generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Tobias Brunner
tobias at strongswan.org
Wed Feb 13 15:45:16 CET 2019
Hi Moses,
Configure an IKE proposal that's accepted by your peer (you disabled log
message for cfg, so you didn't see the details of the proposal
negotiation). Most likely the problem is that modp1024 is proposed, a
DH group strongSwan doesn't include in its default IKE proposal anymore.
So to use it, IKE proposals have to be configured explicitly. Also see
[1] for information on how to get Windows to use at least modp2048.
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
More information about the Users
mailing list