Hi Graham,

> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
> DH group MODP_2048 inacceptable, requesting MODP_1024

> The client sends back N(INVAL_KE) to the server and we then get into
> an endless cycle of trying to renegotiate the tunnel rekey.

The procedure looks correct so far, but the server should retry rekeying
with the correct group. What does the server show in its log? Does it
receive the MODP_1024 request, but retries again with MODP_2048?

> is this a bug in strongSwan ?

Looks like.

> the server a hacked version of strongSwan 4.3.2.

Have you tried a more recent version on the server? Haven't found a
related changelog, but maybe we have fixed this issue in the last
one-and-a-half years.

Regards
Martin
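Added example, not part of the original message or of strongSwan: a small log check that tells the rekey loop described in this thread apart from a normal single INVAL_KE retry, by counting back-to-back rejections of the same DH group. The timestamps, host name, thread ids and the "established with SPIs" success marker are assumptions; only the two quoted log messages come from the thread.

```python
import re

# Message text as quoted in the thread.
REJECT = re.compile(r"DH group (\w+) inacceptable, requesting (\w+)")

def find_rekey_loops(lines, threshold=3, success_marker="established with SPIs"):
    """Find runs where the same DH group is rejected again and again.

    Returns a list of (offered, wanted, count, first_line, last_line).
    A rejection followed by a completed rekey (success_marker, an assumed
    log string) ends the run, so periodic healthy rekeys are not flagged.
    """
    loops = []
    run = None  # [offered, wanted, count, first_line, last_line]

    def flush():
        if run and run[2] >= threshold:
            loops.append(tuple(run))

    for number, line in enumerate(lines, start=1):
        match = REJECT.search(line)
        if match and run and tuple(run[:2]) == match.groups():
            run[2] += 1          # peer offered the rejected group again
            run[4] = number
        elif match or success_marker in line:
            flush()
            run = [*match.groups(), 1, number, number] if match else None
    flush()
    return loops

# Constructed sample lines (hypothetical prefixes, connection name and SPIs).
PROPOSAL = ("Jan 10 09:00:01 client charon: 07[CFG] selected proposal: "
            "ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ")
REJECTED = ("Jan 10 09:00:01 client charon: 07[IKE] "
            "DH group MODP_2048 inacceptable, requesting MODP_1024")
ESTABLISHED = ("Jan 10 09:00:02 client charon: 08[IKE] "
               "CHILD_SA net{2} established with SPIs c1a2b3c4_i c5d6e7f8_o")

LOOPING = [PROPOSAL, REJECTED] * 3               # peer never switches group
HEALTHY = [PROPOSAL, REJECTED, ESTABLISHED] * 3  # one retry per rekey, then success

if __name__ == "__main__":
    for offered, wanted, count, first, last in find_rekey_loops(LOOPING):
        print(f"{offered} rejected {count}x (lines {first}-{last}); "
              f"peer never retried with {wanted}")
```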
