The connection setup gets now very far but finally fails because the pools defined by
pools = primary-pool-ipv4, primary-pool-ipv6 don't seem be defined (have you added a pools section in swanctl.conf?) and therefore no virtual IP can be allocated to the initiator Wed, 2018-03-28 08:31 15[IKE] <ikev2-pubkey|1> peer requested virtual IP %any no virtual IP found for %any requested by 'C=US, O=Quantum CN=aries.darkmatter.org' peer requested virtual IP %any6 no virtual IP found for %any6 requested by 'C=US, O=Quantum CN=aries.darkmatter.org' no virtual IP found, sending INTERNAL_ADDRESS_FAILURE Regards Andreas On 28.03.2018 17:37, Info wrote: > I have no way of interpreting the syntax of these proposals as there's > no definitive description. Maybe '-' separates different options in a > category and ',' separates categories? But it also doesn't explain > "classic and combined-mode algos" nor not to mix them. I can't know > these things by instinct. > > Something else is wrong with the example. I copied it -exactly- (except > I used your esp_proposals), and the error log is attached. > > > > On 03/28/2018 02:21 AM, Andreas Steffen wrote: >> Hi, >> >> as your log explicitly says: >> >>> Tue, 2018-03-27 15:13 15[CFG] classic and combined-mode (AEAD) >>> encryption algorithms can't be contained in the same IKE proposal >> Thus instead of >> >> esp_proposals = >>> aes192gcm16-aes128gcm16-aes192-ecp256,aes192-sha256-modp3072,default >> you must define >> >> esp_proposals = >> aes192gcm16-aes128gcm16-ecp256,aes192-sha256-ecp256-modp3072,default >> >> Regards >> >> Andreas >> > -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Networked Solutions HSR University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[INS-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
