I forgot to add --enable-openssl to the ./configure.

> On 11 Aug 2018, at 22:31, Christian Salway <christian.sal...@naimuri.com> wrote:
>
> I am unable to connect from StrongSwan client with an error that doesn't make sense:
>
> Aug 11 21:26:17 15[CFG] looking for an ike config for 10.0.1.216...x.x.x.x
> Aug 11 21:26:17 15[CFG] candidate: %any...%any, prio 28
> Aug 11 21:26:17 15[CFG] found matching ike config: %any...%any with prio 28
> Aug 11 21:26:17 15[IKE] x.x.x.x is initiating an IKE_SA
> Aug 11 21:26:17 15[IKE] IKE_SA (unnamed)[21] state change: CREATED => CONNECTING
> Aug 11 21:26:17 15[CFG] selecting proposal:
> Aug 11 21:26:17 15[CFG] proposal matches
> Aug 11 21:26:17 15[CFG] received proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
> Aug 11 21:26:17 15[CFG] configured proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Aug 11 21:26:17 15[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
> Aug 11 21:26:17 15[CFG] received supported signature hash algorithms: sha256 sha384 sha512 identity
> Aug 11 21:26:17 15[IKE] local host is behind NAT, sending keep alives
> Aug 11 21:26:17 15[IKE] remote host is behind NAT
> Aug 11 21:26:17 15[IKE] DH group ECP_384 inacceptable, requesting ECP_384
>
> CLIENT
> conn %default
>     ike=aes256gcm16-prfsha384-ecp384!
>     esp=aes256gcm16-ecp384!
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>
> conn test
>     leftsourceip=%config4
>     leftauth=eap
>     eap_identity=christian.salway
>     rightid=vpnserver
>     right=x.x.x.x
>     rightauth=pubkey
>     rightsubnet=0.0.0.0/0
>     auto=start
>
>
> SERVER
> config setup
>     uniqueids = replace
>
> conn %default
>     ike=aes256gcm16-prfsha384-ecp384,aes128gcm16-prfsha256-ecp256,aes256-sha384-ecp384,aes128-sha256-ecp256,aes256-sha256-modp2048!
>     esp=aes256gcm16-ecp384,aes128gcm16-ecp256,aes256gmac-ecp384,aes128gmac-ecp256,aes256-sha256,aes256-sha1!
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>
> conn pod
>     leftid=vpnserver
>     leftauth=pubkey
>     leftcert=vpnserver.crt
>     leftsendcert=always
>     leftsubnet=10.0.0.0/8
>     rightid=%any
>     rightsourceip=10.0.76.0/22
>     rightauth=eap-radius
>     eap_identity=%identity
>     auto=start
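
The following is an added example, not part of the thread or of strongSwan: a small log triage script that separates the confusing case quoted above, where the rejected DH group and the requested DH group are the same, from an ordinary group mismatch. In this thread the same-group case was resolved by rebuilding with --enable-openssl. The sample log lines are constructed in the quoted format, and correlating lines by the thread number before `[CFG]`/`[IKE]` is an assumption.

```python
import re

# Constructed sample log lines, in the format quoted in this thread.
SAMPLE_LOG = """\
Aug 11 21:26:17 15[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
Aug 11 21:26:17 15[IKE] remote host is behind NAT
Aug 11 21:26:17 15[IKE] DH group ECP_384 inacceptable, requesting ECP_384
Aug 11 21:27:02 09[CFG] selected proposal: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256
Aug 11 21:27:02 09[IKE] DH group MODP_2048 inacceptable, requesting ECP_256
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<thread>\d+)\[(?P<subsys>\w+)\] (?P<msg>.*)$")
SELECTED = re.compile(r"selected proposal: IKE:(?P<proposal>\S+)")
DH_REJECT = re.compile(r"DH group (?P<sent>\S+) inacceptable, requesting (?P<wanted>\S+)")


def triage(log_text):
    """Return one finding per DH rejection found in the log text."""
    findings = []
    selected = {}  # thread number -> last IKE proposal selected on that thread
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if (s := SELECTED.search(msg)):
            selected[thread] = s["proposal"]
        elif (d := DH_REJECT.search(msg)):
            same = d["sent"] == d["wanted"]
            findings.append({
                "time": m["ts"],
                "sent": d["sent"],
                "wanted": d["wanted"],
                "selected": selected.get(thread),
                # Same group on both sides means the proposals already agree;
                # as in this thread, check the responder's build and plugins.
                "verdict": "same-group-rejected" if same else "group-mismatch",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["verdict"], f["sent"], "->", f["wanted"], "| selected:", f["selected"])
```

A `same-group-rejected` finding points at the responder's build or loaded plugins rather than at the `ike=` lines, which already agree in the configs quoted above.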