Hi Yogesh, > received > proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ > configured > proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ, > ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
> Why is it saying no acceptable DH group when it is same ? Because they aren't the same. If you look (more closely, I guess) at the log output above you'll see that the received proposal includes a DH group, while the configured proposal that matches the proposed integrity algorithm (sha256) doesn't. The first configured proposal includes a matching DH group, but its integrity algorithm doesn't match (sha1). So fix your ESP proposal: esp=aes256-sha256-modp2048 (and optionally end it with !). Regards, Tobias
