Hi Martin,
> AFAIK, Windows 2008 Server does not support IKEv2 when using non-RAS
> transport mode connections.
Great advice! using:
keyexchange=ikev1
the main mode now completes!
On to the quick mode neg., which fails:
generating QUICK_MODE request 2717344713 [ HASH SA No KE ID ID ]
sending packet: from 192.168.0.3[500] to 192.168.0.2[500] (300 bytes)
received packet: from 192.168.0.2[500] to 192.168.0.3[500] (76 bytes)
parsed INFORMATIONAL_V1 request 2390185800 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'host-host' failed
The event log:
EventID 4654:
An IPsec quick mode negotiation failed.
Additional Information:
Protocol:0
Keying Module Name:IKEv1
Virtual Interface Tunnel ID:0
Traffic Selector ID:0
Mode:Transport
Role:Responder
Quick Mode Filter ID:66029
Main Mode SA ID:144
Failure Information:
State:No state
Message ID:3573913272
Failure Point:Local computer
Failure Reason:Policy match error
In wireshark the Quick mode request does not really contain any proposals,
should it?
The server quick mode settings includes ESP sha1-3des.
Any ideas?
Regards,
Lars
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
