That did the trick! Thank you Paul.
Yes I agree about the large modp. I have no idea why the cisco is trying that.

-----Original Message-----
From: Paul Wouters [mailto:[email protected]]
Sent: Monday, May 30, 2016 10:29 AM
To: Charles Wyble <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Issue connecting between Cisco 2811 and Ubuntu 14.04 - worked with strongswan

On Mon, 30 May 2016, Charles Wyble wrote:

> I’ve recently switched to libreswan (for VTI support). I can’t get the IPSEC
> tunnel to connect.
>
> Here are the log snippets and configuration, please let me know if anything
> else is needed.

> 1. May 30 15:14:24: "satx" #1: ignoring informational payload
> NO_PROPOSAL_CHOSEN, msgid=00000000, length=68

> 8. May 30 15:14:56: "satx" #2: Oakley Transform [OAKLEY_AES_CBC (128),
> OAKLEY_SHA1, OAKLEY_GROUP_MODP4096] refused

Seems the cisco wants: ike=aes128-sha1;modp4096

(such a large modp and a key size of 128 does not make much sense btw)

> 41. ike=aes128-md5-modp1536 #P1: modp1536 = DH group 5

That does not match the cisco config....

> 50. remote_peer_type=cisco

Do not use this unless you are using XAUTH user/password verification.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
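An added example, not part of the original messages or of libreswan: a small Python check that reads a pluto "Oakley Transform ... refused" line and an ike= setting like the ones quoted in the thread and reports which proposal fields differ. The sample strings are constructed from the lines quoted above, the function names are hypothetical, and it assumes a single three-field (encryption, integrity, DH group) proposal.

```python
import re

# Constructed sample input, modelled on the two lines quoted in the thread.
LOG = ('May 30 15:14:56: "satx" #2: Oakley Transform [OAKLEY_AES_CBC (128), '
       'OAKLEY_SHA1, OAKLEY_GROUP_MODP4096] refused')
CONF = 'ike=aes128-md5-modp1536 #P1: modp1536 = DH group 5'

REFUSED = re.compile(r'Oakley Transform \[OAKLEY_(\w+?)_CBC \((\d+)\), '
                     r'OAKLEY_(\w+), OAKLEY_GROUP_(\w+)\] refused')
FIELDS = ('enc', 'integ', 'group')

def parse_refused(line):
    """Return the IKE transform the peer offered and pluto refused, or None."""
    m = REFUSED.search(line)
    if m is None:
        return None
    cipher, bits, integ, group = m.groups()
    return dict(zip(FIELDS, (cipher.lower() + bits, integ.lower(), group.lower())))

def parse_ike(line):
    """Parse one 'ike=' setting; assumes a single enc-integ-group proposal."""
    value = line.split('#', 1)[0].strip()         # drop the trailing comment
    if not value.startswith('ike='):
        return None
    parts = re.split(r'[-;]', value[4:].lower())  # both separators appear in the thread
    return dict(zip(FIELDS, parts)) if len(parts) == 3 else None

def mismatches(configured, offered):
    """List (field, configured, offered) for every field that differs."""
    return [(f, configured[f], offered[f]) for f in FIELDS
            if configured[f] != offered[f]]

def matching_ike(offered):
    """Render the refused transform as an ike= line in the form used in the reply."""
    return 'ike={enc}-{integ};{group}'.format(**offered)

if __name__ == '__main__':
    offered, configured = parse_refused(LOG), parse_ike(CONF)
    for field, ours, theirs in mismatches(configured, offered):
        print(f'{field}: configured {ours}, peer offered {theirs}')
    print('peer proposal as config:', matching_ike(offered))
```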
