On 13.10.2016 17:40, [email protected] wrote: > conn siteA > left=my IP > leftsubnet=my Subnet > leftid=my IP > right=site A IP > rightsubnet=site A subnet > rightid=site A ip > authby=secret > auto=start > ikelifetime=28800s > keylife=3600s > keyexchange=ikev1 > ike=aes256-sha256-ecp384 > esp=aes256-sha256-modp2048 >
> Oct 13 17:19:14 tia charon: 16[NET] received packet: from siteAIP[500] to > myIP[500] (64 bytes) > Oct 13 17:19:14 tia charon: 16[ENC] parsed INFORMATIONAL_V1 request 0 [ > N(NO_PROP) ] > Oct 13 17:19:14 tia charon: 16[IKE] received NO_PROPOSAL_CHOSEN error notify > Oct 13 17:19:14 tia charon: 16[IKE] IKE_SA siteA [6] state change: CONNECTING > => DESTROYING > > I can see that no proposal was chosen, so which part of the configuration do > I have to change ? The remote peer sends that. Pay attention to the exact order of events and what they say. Try limiting the sent set to only the configured proposal by appending an exclamation mark at the end of the cipher list. Maybe the software of the remote peer is broken in some way in the cipher selection. A remote peer can also send that message when it can't find a matching configuration, besides the cipher suites. -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
