Hi Lars, > I am able to establish a SA from right to left (using ICMP ping from the > server). > > When the left side initiates the IKE negotiation, the server never > responds to the IKE_SA_INIT message. The event log says:
> An IPsec main mode negotiation failed. > Additional Information: > Keying Module Name:IKEv2 AFAIK, Windows 2008 Server does not support IKEv2 when using non-RAS transport mode connections. > keyexchange=ike When initiating from the Windows side, does it use IKEv1? If yes, you might try to enforce IKEv1 when strongSwan is initiating by setting keyexchange=ikev1. When using "ike", strongSwan prefers IKEv2 (but accepts IKEv1 as responder). Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
