Re: [strongSwan] NO_PROPOSAL_CHOSEN with android app

Mon, 03 Feb 2014 02:03:56 -0800 

Hi Mohsen,

since the IKE request arrives at our internal IP address you must set

  left=10.206.xxx.xxx

or more flexible

  left=%any

Regards

Andreas

On 02/01/2014 12:00 PM, Mohsen B.Sarmadi wrote:
> Hi
> 
> I am tring to connect StrongSwan android app to the server. my server
> reside in AWS EC2.
> I have opened the Amazon firewall, but i am keep getting
> NO_PROPOSAL_CHOSEN, which means i have something wrong in ipsec.conf
> 
> $ tail  /var/log/syslog
> 
> Feb  1 10:24:30 myEC2server charon: 10[CFG] added configuration 'rw-carol'
> Feb  1 10:24:55 myEC2server charon: 11[NET] received packet: from
> 80.47.xxx.xxx[47170] to 10.206.xxx.xxx[500] (660 bytes)
> Feb  1 10:24:55 myEC2server charon: 11[ENC] parsed IKE_SA_INIT request 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> Feb  1 10:24:55 myEC2server charon: 11[IKE] no IKE config found for
> 10.206.xxx.xxx...80.47.xxx.xxx, sending NO_PROPOSAL_CHOSEN
> Feb  1 10:24:55 myEC2server charon: 11[ENC] generating IKE_SA_INIT
> response 0 [ N(NO_PROP) ]
> Feb  1 10:24:55 myEC2server charon: 11[NET] sending packet: from
> 10.206.xxx.xxx[500] to 80.47.xxx.xxx[47170] (36 bytes)
> 
> $ cat /etc/ipsec.conf 
> # /etc/ipsec.conf - strongSwan IPsec configuration file
> 
> config setup
> 
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev2
> left=107.22.xxx.xxx
> leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
> leftcert=certificate.der
> leftid=107.22.xxx.xxx
> leftfirewall=yes
> 
> conn rw-carol
> right=%any
> rightsourceip=10.3.0.0/28 <http://10.3.0.0/28>
> rightcert=clientCer.der 
> rightauth = pubkey
> auto=add
> 
> this is my external ip : 107.22.xxx.xxx
> in android app i am trying to connect with IKEv2 Certificate.
> I have installed the .pfx in server and in the android app.
> 
> 
> 
> please help to understand the problem of my configuration.
> 
> Best
> Mohsen

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to