On 13.10.2016 17:40, fatcha...@gmx.de wrote:
> conn siteA
>         left=my IP
>         leftsubnet=my Subnet
>         leftid=my IP
>         right=site A IP
>         rightsubnet=site A subnet
>         rightid=site A ip
>         authby=secret
>         auto=start
>         ikelifetime=28800s
>         keylife=3600s
>         keyexchange=ikev1
>         ike=aes256-sha256-ecp384
>         esp=aes256-sha256-modp2048
> 

> Oct 13 17:19:14 tia charon: 16[NET] received packet: from siteAIP[500] to 
> myIP[500] (64 bytes)
> Oct 13 17:19:14 tia charon: 16[ENC] parsed INFORMATIONAL_V1 request 0 [ 
> N(NO_PROP) ]
> Oct 13 17:19:14 tia charon: 16[IKE] received NO_PROPOSAL_CHOSEN error notify
> Oct 13 17:19:14 tia charon: 16[IKE] IKE_SA siteA [6] state change: CONNECTING 
> => DESTROYING
> 
> I can see that no proposal was chosen, so which part of the configuration do 
> I have to change ?

The remote peer sends that. Pay attention to the exact order of events and what 
they say.
Try limiting the sent set to only the configured proposal by appending an 
exclamation mark
at the end of the cipher list. Maybe the software of the remote peer is broken 
in some way
in the cipher selection.

A remote peer can also send that message when it can't find a matching 
configuration,
besides the cipher suites.

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to