thanks, super helpful. I don't understand why IKE and ESP can't be the same. I know the child uses the IKE key exchange until rekey, but does this mean IKE can have DH params on IOS8, but ESP can't use them, and therefore no PFS is available?
Kind regards, Tom On 23 Jul 2015, at 16:48, Tobias Brunner <[email protected]> wrote: >> Can anyone suggest where I'm going wrong please? > > What's the deal with that constant reluctance to read the log files? > >> Jul 23 14:40:17 nibbler charon: 16[CFG] selecting proposal: >> Jul 23 14:40:17 nibbler charon: 16[CFG] no acceptable DIFFIE_HELLMAN_GROUP >> found >> Jul 23 14:40:17 nibbler charon: 16[CFG] received proposals: >> ESP:AES_GCM_16_256/NO_EXT_SEQ >> Jul 23 14:40:17 nibbler charon: 16[CFG] configured proposals: >> ESP:AES_GCM_16_256/MODP_4096/NO_EXT_SEQ >> Jul 23 14:40:17 nibbler charon: 16[IKE] no acceptable proposal found > > Regards, > Tobias > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
