Have you tried limiting the proposals supported? ike=aes128-sha1-modp1024 esp=aes128-sha1
If you don't specify the proposal, everything is sent. Can you increase the debugging on ike so we can look a little more at the proposal and configured? Regards, Randy On Thu, Jul 16, 2015 at 2:08 PM, Aaron <[email protected]> wrote: > Hi, I have strongswan setup in a host to host configuration using a shared > secret for testing, but am not able to get it to establish a tunnel. The > left side attempts to retransmit packets till it gives up and on the right > side I receive this error. Any help appreciated. Thanks! > > Jul 16 21:01:19 vpn02 charon: 12[NET] received packet: from > 10.100.1.20[500] to 10.100.1.131[500] (36 bytes) > Jul 16 21:01:19 vpn02 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ > N(NO_PROP) ] > Jul 16 21:01:19 vpn02 charon: 12[IKE] received NO_PROPOSAL_CHOSEN notify > error > > #ipsec.conf file > #right side and leftside are identical > config setup > charondebug=all > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > keyexchange=ikev2 > authby=psk > > conn rw > left=10.100.1.20 > leftid=10.100.1.20 > leftfirewall=no > right=10.100.1.131 > rightid=10.100.1.131 > auto=start > authby=psk > > # ipsec.secrets file > : PSK "mypsksecret" > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
