[strongSwan] Error : remote host is behind NAT - received proposals inacceptable - generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
IL Ka
kazakevichilya at gmail.com
Wed Feb 13 21:05:46 CET 2019
Try "cfg 9" for charondebug, and check your logs.
On Wed, Feb 13, 2019 at 9:55 PM MOSES KARIUKI <kariukims at gmail.com> wrote:
> Thanks Tobias for the quick response. I set this up, the Registry value
> and below configuration, but still the same error.
>
> config setup
>     charondebug="ike 1, knl 1, cfg 0"
>     uniqueids=no
>
> conn ikev2-vpn
>     auto=add
>     compress=no
>     type=tunnel
>     keyexchange=ikev2
>     fragmentation=yes
>     forceencaps=yes
>     dpdaction=clear
>     dpddelay=300s
>     rekey=no
>     left=%any
>     leftid=102.1*9.2*9.**
>     leftcert=server-cert.pem
>     leftsendcert=always
>     leftsubnet=0.0.0.0/0
>     right=%any
>     rightid=%any
>     rightauth=eap-mschapv2
>     rightsourceip=10.10.10.0/24
>     rightdns=8.8.8.8,8.8.4.4
>     rightsendcert=never
>     eap_identity=%identity
>     ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
>     esp=aes256-sha256,aes256-sha1,3des-sha1!
>
> Thanks a lot
>
>
> On Wed, Feb 13, 2019 at 5:45 PM Tobias Brunner <tobias at strongswan.org>
> wrote:
>
>> Hi Moses,
>>
>> Configure an IKE proposal that's accepted by your peer (you disabled log
>> message for cfg, so you didn't see the details of the proposal
>> negotiation). Most likely the problem is that modp1024 is proposed, a
>> DH group strongSwan doesn't include in its default IKE proposal anymore.
>> So to use it, IKE proposals have to be configured explicitly. Also see
>> [1] for information on how to get Windows to use at least modp2048.
>>
>> Regards,
>> Tobias
>>
>> [1]
>>
>> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
>>
>
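
Added example, not part of the original thread and not strongSwan code: a simplified Python model of the IKE proposal check discussed above, which parses the quoted ike= line, lists DH groups below modp2048, and tests whether a peer offer shares a transform of every type with it. The peer offers are constructed sample values (not taken from the poster's logs), the keyword table covers only the families seen in this thread, and deriving the PRF from the integrity algorithm when none is listed is an assumption.

```python
import re

TYPES = ("ENCR", "INTEG", "PRF", "DH")
PATTERNS = {  # only the keyword families used in this thread (assumed subset)
    "ENCR": r"aes\d+|3des",
    "PRF": r"prf\w+",
    "INTEG": r"sha1|sha256|sha384|sha512",
    "DH": r"modp\d+",
}

def parse_proposals(value):
    """Split an ipsec.conf ike= value into per-type transform sets."""
    strict = value.endswith("!")  # '!' strict flag: accept only listed proposals
    proposals = []
    for item in value.rstrip("!").split(","):
        prop = {t: set() for t in TYPES}
        for kw in item.strip().split("-"):
            kind = next((t for t, p in PATTERNS.items() if re.fullmatch(p, kw)), None)
            if kind is None:
                raise ValueError(f"unknown keyword {kw!r}")
            prop[kind].add(kw)
        if not prop["PRF"]:  # assumption: PRF derived from the integrity algorithm
            prop["PRF"] = {"prf" + k for k in prop["INTEG"]}
        proposals.append(prop)
    return proposals, strict

def select_proposal(configured, received):
    """Return the first pair sharing a transform of every type, else None."""
    for cfg in configured:
        for peer in received:
            common = {t: cfg[t] & peer[t] for t in TYPES}
            if all(common.values()):
                return common
    return None  # no overlap: the responder would answer N(NO_PROP)

def weak_dh(proposals, min_bits=2048):
    """List modp groups below min_bits that appear in any proposal."""
    return sorted({g for p in proposals for g in p["DH"] if int(g[4:]) < min_bits})

# ike= line quoted in this thread
SERVER, STRICT = parse_proposals(
    "aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!")
# Constructed peer offers (sample values, not from the poster's logs)
PEER_1024, _ = parse_proposals("aes256-sha1-modp1024")
PEER_2048, _ = parse_proposals("aes256-sha1-modp2048")

if __name__ == "__main__":
    print("DH groups below modp2048:", weak_dh(SERVER))
    print("peer offers modp1024:", select_proposal(SERVER, PEER_1024))
    print("peer offers modp2048:", select_proposal(SERVER, PEER_2048))
```

A result of None for an offer means no configured proposal overlaps it in every transform type; the proposals a real peer actually sent are what the cfg log output shows.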