[strongSwan] strongswan no shared key found
Tobias Brunner
tobias at strongswan.org
Thu Sep 2 10:09:16 CEST 2021
Hi,
> [ENC] generating QUICK_MODE request 925866246 [ HASH SA No ID ID ]
> [NET] sending packet: from locip[500] to ipsecip[500] (172 bytes)
> [NET] received packet: from ipsecip[500] to locip[500] (108 bytes)
> [ENC] parsed INFORMATIONAL_V1 request 3675363864 [ HASH N((24576)) ]
> [IKE] received (24576) notify
> [NET] received packet: from ipsecip[500] to locip[500] (92 bytes)
> [ENC] parsed INFORMATIONAL_V1 request 2592328021 [ HASH N(NO_PROP) ]
> [IKE] received NO_PROPOSAL_CHOSEN error notify
>
> Does anyone know how I could proceed?
You received a NO_PROPOSAL_CHOSEN notify to the Quick Mode request, so
what you configured in esp_proposals or mode is apparently not what the
peer expected. Maybe there is no PFS, so try removing modp1024 from the
ESP proposal. Or it should be tunnel mode, i.e. set mode=tunnel (or
remove the setting), with or without PFS. If none of that works,
contact the admins to learn what the correct settings actually are (of
course, you should have started with that in the first place :).
Regards,
Tobias
More information about the Users
mailing list