Re: [Swan] what problem do I have here?

Marc via Swan Wed, 07 Feb 2024 11:31:04 -0800

> 
> This is a win10 client. What problem do I have here?
> 
> Feb  6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #320: Child SA
> proposals (new child):
> Feb  6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #320:
> 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-MODP2048-ENABLED+DISABLED
> Feb  6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #320: no local
> proposal matches remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED
> Feb  6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #320:
> CREATE_CHILD_SA request failed, responder SA processing returned
> NO_PROPOSAL_CHOSEN
> Feb  6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #211: responding
> to CREATE_CHILD_SA message (ID 118) from x.x.x.x:18369 with encrypted
> notification NO_PROPOSAL_CHOSEN
> Feb  6 21:49:09 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #321: Child SA
> proposals (new child):
> Feb  6 21:49:09 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #321:
> 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-MODP2048-ENABLED+DISABLED
> Feb  6 21:49:09 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #321: no local
> proposal matches remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED
> Feb  6 21:49:09 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #321:
> CREATE_CHILD_SA request failed, responder SA processing returned
> NO_PROPOSAL_CHOSEN
> Feb  6 21:49:09 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #211: responding
> to CREATE_CHILD_SA message (ID 119) from x.x.x.x:18369 with encrypted
> notification NO_PROPOSAL_CHOSEN
> Feb  6 21:50:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #322: Child SA
> proposals (new child):
> Feb  6 21:50:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #322:
> 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-MODP2048-ENABLED+DISABLED
> Feb  6 21:50:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #322: no local
> proposal matches remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED
> Feb  6 21:50:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #322:
> CREATE_CHILD_SA request failed, responder SA processing returned
> NO_PROPOSAL_CHOSEN
> Feb  6 21:50:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #211: responding
> to CREATE_CHILD_SA message (ID 120) from x.x.x.x:18369 with encrypted
> notification NO_PROPOSAL_CHOSEN


I think this results in:

20240206-084530 down
20240206-084530 xfrm unroute-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32

However windows is still in 'connected' state. So I have to disconnect and 
reconnect.


output from updown script:

20240206-083957 xfrm prepare-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-083957 xfrm route-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-084530 xfrm down-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-084530 down
20240206-084530 xfrm unroute-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-123803 xfrm up-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-123803 up
20240206-123803 xfrm prepare-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-123803 xfrm route-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-133503 xfrm down-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-133503 down
20240206-133503 xfrm unroute-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-134050 xfrm up-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-134050 up
20240206-134050 xfrm prepare-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-134050 xfrm route-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-143750 xfrm down-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-143750 down
20240206-143750 xfrm unroute-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-153623 xfrm up-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-153623 up
20240206-153623 xfrm prepare-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-153623 xfrm route-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-163323 xfrm down-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-163323 down
20240206-163323 xfrm unroute-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-173347 xfrm up-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-173347 up
20240206-173347 xfrm prepare-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-173347 xfrm route-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-183047 xfrm down-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-183047 down
20240206-183047 xfrm unroute-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-211332 xfrm up-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-211332 up
20240206-211332 xfrm prepare-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-211332 xfrm route-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-221032 xfrm down-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
20240206-221032 down
20240206-221032 xfrm unroute-client vpn-ikev2-crt eth1 x.x.x.x y.y.y.y/32
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Re: [Swan] what problem do I have here?

Reply via email to