> Sent: Thursday, 13 October 2016 at 17:32
> From: "Noel Kuntze" <[email protected]>
> To: [email protected], "Users strongswan" <[email protected]>
> Subject: Re: [strongSwan] Problem: strongswan 5.4 with sha2
>
> On 13.10.2016 17:28, [email protected] wrote:
> > Hi,
> >
> > I'm using a strongswan-5.4.0-2.el7.x86_64 on a CentOS 7. I'm trying to
> > build a VPN connection with the following proposals:
> > ike: RSA, DH20, AES256/SHA-2
> > esp: DH-14, AES256/SHA-2
> >
> > I've tried it with this:
> > ike=aes256-sha256-ecp384
> > esp=aes256-sha256-modp2048
> >
> > but it's not working. Which would be the right setting for this?
> >
>
> Please provide configs and logs. My crystal balls are getting repaired right
> now.
>

conn siteA
    left=my IP
    leftsubnet=my Subnet
    leftid=my IP
    right=site A IP
    rightsubnet=site A subnet
    rightid=site A ip
    authby=secret
    auto=start
    ikelifetime=28800s
    keylife=3600s
    keyexchange=ikev1
    ike=aes256-sha256-ecp384
    esp=aes256-sha256-modp2048

This is shown in the log when I try to start up the connection:

Oct 13 17:19:14 tia charon: 13[CFG] received stroke: initiate 'siteA'
Oct 13 17:19:14 tia charon: 14[IKE] queueing ISAKMP_VENDOR task
Oct 13 17:19:14 tia charon: 14[IKE] queueing ISAKMP_CERT_PRE task
Oct 13 17:19:14 tia charon: 14[IKE] queueing MAIN_MODE task
Oct 13 17:19:14 tia charon: 14[IKE] queueing ISAKMP_CERT_POST task
Oct 13 17:19:14 tia charon: 14[IKE] queueing ISAKMP_NATD task
Oct 13 17:19:14 tia charon: 14[IKE] queueing QUICK_MODE task
Oct 13 17:19:14 tia charon: 14[IKE] activating new tasks
Oct 13 17:19:14 tia charon: 14[IKE] activating ISAKMP_VENDOR task
Oct 13 17:19:14 tia charon: 14[IKE] activating ISAKMP_CERT_PRE task
Oct 13 17:19:14 tia charon: 14[IKE] activating MAIN_MODE task
Oct 13 17:19:14 tia charon: 14[IKE] activating ISAKMP_CERT_POST task
Oct 13 17:19:14 tia charon: 14[IKE] activating ISAKMP_NATD task
Oct 13 17:19:14 tia charon: 14[IKE] sending XAuth vendor ID
Oct 13 17:19:14 tia charon: 14[IKE] sending DPD vendor ID
Oct 13 17:19:14 tia charon: 14[IKE] sending NAT-T (RFC 3947) vendor ID
Oct 13 17:19:14 tia charon: 14[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Oct 13 17:19:14 tia charon: 14[IKE] initiating Main Mode IKE_SA siteA [6] to IP siteA
Oct 13 17:19:14 tia charon: 14[IKE] IKE_SA siteA [6] state change: CREATED => CONNECTING
Oct 13 17:19:14 tia charon: 14[ENC] generating ID_PROT request 0 [ SA V V V V ]
Oct 13 17:19:14 tia charon: 14[NET] sending packet: from myIP[500] to siteAIP[500] (216 bytes)
Oct 13 17:19:14 tia charon: 16[NET] received packet: from siteAIP[500] to myIP[500] (64 bytes)
Oct 13 17:19:14 tia charon: 16[ENC] parsed INFORMATIONAL_V1 request 0 [ N(NO_PROP) ]
Oct 13 17:19:14 tia charon: 16[IKE] received NO_PROPOSAL_CHOSEN error notify
Oct 13 17:19:14 tia charon: 16[IKE] IKE_SA siteA [6] state change: CONNECTING => DESTROYING

I can see that no proposal was chosen, so which part of the configuration do I have to change?

Kind regards
fatcharly
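
Added example, not part of the original message and not strongSwan code: a small triage script that reads charon log lines like those posted above and reports in which exchange the peer sent NO_PROPOSAL_CHOSEN, and therefore whether the `ike=` or the `esp=` line is the one to compare with the peer's settings. It assumes the log covers a single connection attempt at a time (the notify is attributed to the most recent "generating ... request" line); the function name and the second sample log are constructed for illustration.

```python
import re

# Exchange named in charon's "generating ... request" line -> (phase, ipsec.conf key)
PHASE = {
    "ID_PROT": ("IKEv1 phase 1 (Main Mode)", "ike"),
    "AGGRESSIVE": ("IKEv1 phase 1 (Aggressive Mode)", "ike"),
    "QUICK_MODE": ("IKEv1 phase 2 (Quick Mode)", "esp"),
    "IKE_SA_INIT": ("IKEv2 IKE_SA_INIT", "ike"),
    "IKE_AUTH": ("IKEv2 IKE_AUTH (first CHILD_SA)", "esp"),
}
GENERATING = re.compile(r"\[ENC\] generating (\w+) request")
REJECTED = re.compile(r"\[IKE\] received NO_PROPOSAL_CHOSEN")


def rejected_proposals(lines):
    """Return (phase, conf_key) for each NO_PROPOSAL_CHOSEN notify in the log."""
    findings, last_exchange = [], None
    for line in lines:
        m = GENERATING.search(line)
        if m:
            last_exchange = m.group(1)  # remember what we sent last
        elif REJECTED.search(line):
            findings.append(PHASE.get(last_exchange, ("unknown exchange", None)))
    return findings


# Lines copied from the log in the message above.
POSTED_LOG = """\
Oct 13 17:19:14 tia charon: 14[ENC] generating ID_PROT request 0 [ SA V V V V ]
Oct 13 17:19:14 tia charon: 14[NET] sending packet: from myIP[500] to siteAIP[500] (216 bytes)
Oct 13 17:19:14 tia charon: 16[NET] received packet: from siteAIP[500] to myIP[500] (64 bytes)
Oct 13 17:19:14 tia charon: 16[ENC] parsed INFORMATIONAL_V1 request 0 [ N(NO_PROP) ]
Oct 13 17:19:14 tia charon: 16[IKE] received NO_PROPOSAL_CHOSEN error notify
""".splitlines()

# Constructed lines (not from the message): the same notify after Quick Mode has started.
CONSTRUCTED_LOG = """\
Oct 13 17:25:01 tia charon: 09[ENC] generating QUICK_MODE request 1234567890 [ HASH SA No KE ID ID ]
Oct 13 17:25:01 tia charon: 11[IKE] received NO_PROPOSAL_CHOSEN error notify
""".splitlines()

if __name__ == "__main__":
    for name, log in (("posted", POSTED_LOG), ("constructed", CONSTRUCTED_LOG)):
        for phase, key in rejected_proposals(log):
            print(f"{name}: peer rejected the proposal sent in {phase}; compare {key}= with the peer")
```

For the posted log the notify answers the first Main Mode message, so the rejection concerns the phase 1 proposal; Quick Mode was queued but never sent.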
