Tobias,
Makes sense, but just to understand what is going on and know how
to read the logs, are you saying that each "ESP:" prefix signifies a
separate proposal that is parsed independently (log below)? A single
proposal might have one or more algorithms separated by slashes, correct ?
Thanks,
Jafar
received proposals:
ESP:AES_GCM_16_128/AES_GCM_16_256/CHACHA20_POLY1305_256/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/NO_EXT_SEQ
On 5/1/2018 3:08 AM, Tobias Brunner wrote:
Hi,
I see an error in the strongswan
logs and I'm not sure what is going on here, and what I should do to
correct this:
There is nothing to correct as the connection gets successfully
established. If you have a closer look at the log you see that the
client sends not one, but four ESP proposals. The first one contains
only AEAD algorithms (AES-GCM etc.), which won't match your configured
proposal, hence, the "no acceptable ENCRYPTION_ALGORITHM found" message.
Then the second proposal is tried and that matches your configured
proposal and is selected.
Regards,
Tobias
