Hi Marco, > Here are the two outputs: > > (non working) > [IKE] initiating Main Mode IKE_SA cbt[494] to 31.169.105.210 > [ENC] generating ID_PROT request 0 [ SA V V V V V ] > [NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (180 > bytes)
So you're using IKEv1 now? (Was IKEv2 in your original mail, and you should definitely prefer that if you can.) > Why only 180 bytes? > > [NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (40 > bytes) > [ENC] parsed INFORMATIONAL_V1 request 0 [ N(NO_PROP) ] > [IKE] received NO_PROPOSAL_CHOSEN error notify > > > (working) > initiating Main Mode IKE_SA cbt[499] to 31.169.105.210 > generating ID_PROT request 0 [ SA V V V V V ] > sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (248 bytes) > > this time strongswan send a 248 bytes ike packet? Different IKE proposals. With ipsec.conf the default proposal(s) are added to whatever you configure in ike/esp unless that ends with a !. With swanctl.conf the default proposal(s) have to be added explicitly to the IKE/ESP proposals (e.g. in your example `proposals = 3des-sha1-modp1024, default`) . So that indicates your configured proposal is incorrect. But that's a completely different problem than the one you had before with IKEv2. Regards, Tobias
