[strongSwan] Issue of "no IKE config found for ..., sending NO_PROPOSAL_CHOSEN"
Tobias Brunner
tobias at strongswan.org
Wed Sep 4 16:58:13 CEST 2019
Hi Jianjun,
According to the log, the configuration is not loaded when the peer is
trying to connect:
> 00[JOB] spawning 16 worker threads
> 05[NET] received packet: from 10.162.19.54[500] to 10.162.19.55[500]
> (660 bytes)
> 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) N(HASH_ALG) ]
> 05[CFG] looking for an ike config for 10.162.19.55...10.162.19.54
> 05[IKE] no IKE config found for 10.162.19.55...10.162.19.54, sending
> NO_PROPOSAL_CHOSEN
There should be something like:
> 05[CFG] received stroke: add connection 'host54'
> 05[CFG] added configuration 'host54'
> 07[CFG] received stroke: route 'host54'
Until that happens the peer won't be able to connect. Also, your host
should initiate the connection afterwards if GRE traffic with matching
IPs hits the installed trap policy. Note that `left=0.0.0.0` is
replaced in the trap policy with the local IP address:
> Routed Connections:
> host54 {1}: ROUTED, TRANSPORT, reqid 1
> host54 {1}: 10.162.19.55/32[gre] === 10.162.19.54/32[gre]
Regards,
Tobias
More information about the Users
mailing list