Hi, Why did you remove the integrity algorithm from the proposal? Use a a known integrity algorithm in the proposal and it will work.
Kind regards Noel On 19.01.2018 15:35, Sujoy wrote: > Hi Noel and lists, > > I am getting the following error while trying to connect from OpwnWRT, the > same server with other Linux clients are connected. There are no logs > available in the device. The device connected but failed to establish > *tunnel.* > > it will be a big help for me, if anyone can help in solving this issue. > Thanks a lot once again for the support. > > > > Server screen > > > > Thanks > > On Tuesday 16 January 2018 11:23 PM, Noel Kuntze wrote: >> Hi, >> >> Check the logs of the remote side. >> It means the remote peer did not like the proposed traffic selector. It was >> probably outside of the network range that its own configuration allows, >> meaning narrowing failed. >> >> Kind regards >> >> Noel >> >> >> On 16.01.2018 07:25, Sujoy wrote: >>> Hi Noel, >>> >>> Same strongswan 5.3.3 configuration working in my VM(client) to desktop >>> server. But not working from my OpenWRT to Global IP used nated Linux >>> server. Can you help me to solve this. >>> >>> what means "received TS_UNACCEPTABLE notify, no CHILD_SA built" >>> >>> Server config file. >>> >>> >>> >>> >>> Thanks & Regards >>> >>> Sujoy >>> >>> On Thursday 04 January 2018 03:38 AM, Noel Kuntze wrote: >>>> Hi, >>>> >>>> Only on the responder. >>>> If you use dpd and enforce UDP encapsulation, you do not need to open any >>>> ports on the initiator side. >>>> Refer to the UsableExamples wiki page[1] for example configurations that >>>> are usable in the real world. >>>> >>>> Kind regards >>>> >>>> Noel >>>> >>>> [1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples >>>> >>>> On 28.12.2017 08:51, Sujoy wrote: >>>>> Hi All, >>>>> >>>>> >>>>> We want to implement StrongSwan,with IPsec in OpenWRT. IPSec server will >>>>> be running in CentOS and the OpenWRt router will connect to it using VPN. >>>>> I have configured the server part, struggling to configure the client >>>>> part. Do we need to open port 4500 for this first. >>>>> >>>>> Anyone can suggest any solution for this. >
signature.asc
Description: OpenPGP digital signature