Here are the Linux logs - connecting to a Win10 21H2 machine right now for testing, will migrate over to Server 2019/2022 eventually. Thanks!

09[NET] received packet: from Windows[500] to Linux[500] (256 bytes)
09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
09[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
09[ENC] generating INFORMATIONAL_V1 request 2032397121 [ N(NO_PROP) ]
09[NET] sending packet: from Linux[500] to Windows[500] (40 bytes)
05[NET] received packet: from Windows[500] to Linux[500] (256 bytes)
05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
05[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
05[ENC] generating INFORMATIONAL_V1 request 1617066194 [ N(NO_PROP) ]
05[NET] sending packet: from Linux[500] to Windows[500] (40 bytes)
11[NET] received packet: from Windows[500] to Linux[500] (256 bytes)
11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
11[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
11[ENC] generating INFORMATIONAL_V1 request 728440835 [ N(NO_PROP) ]
11[NET] sending packet: from Linux[500] to Windows[500] (40 bytes)

On Fri, May 20, 2022 at 9:43 AM IL Ka <[email protected]> wrote:

> What about Linux logs?
> Run ``swanctl --log`` on Linux and reinitiate connection.
> Which version of Windows btw?
>
> On Fri, May 20, 2022 at 4:16 PM Tyler Phillippe <[email protected]>
> wrote:
>
>> Hello all! I am attempting to connect a Linux machine to Windows via
>> Strongswan in a host-to-host configuration. I tested with Windows to
>> Windows using the built-in firewall and it connected instantly. I changed
>> the default Windows integrity and encryption ciphers and I think I changed
>> them in the Linux Strongswan configuration. However, I am not getting any
>> connection between the hosts and I can't find any logs on the Windows
>> machine to help me narrow down what the issue is. It definitely does not
>> work, since the SSH session on the Linux machine fails out. Below is the
>> swanctl.conf file on my Linux machine. And, I know it's not the most secure
>> method - I'm just trying to get it to initially connect with a PSK since
>> that's the simplest for now. Windows doesn't support modp3072
>> unfortunately, so I had to manually set the Linux config below to modp2048.
>> The Windows firewall is set to use AES-CBC 128, SHA-256, MODP2048 for key
>> exchange and ESP AES-CBC 128, SHA-256 for data protection. What am I doing
>> wrong? Thanks everyone!!
>>
>> connections {
>>     linuxHost {
>>         local_addrs = (Linux machine)
>>         remote_addrs = (Windows machine)
>>         proposals = aes128-sha256-modp2048
>>         local {
>>             auth = psk
>>         }
>>         remote {
>>             auth = psk
>>         }
>>         children {
>>             linuxHost {
>>                 esp_proposals = aes128-sha256-modp2048
>>                 mode = transport
>>             }
>>         }
>>         version = 2
>>         reauth_time = 10800
>>     }
>> }
>>
>> secrets {
>>     ike {
>>         secret = <psk>
>>     }
>> }
>>
>
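
A check on the log and configuration posted in this thread, as an added example that is not part of any message in it: strongSwan logs the peer's requests as ID_PROT, which is an IKEv1 Main Mode exchange, while the posted swanctl.conf pins the connection to version = 2. The function names are hypothetical, and the config handling is a plain regex rather than a full swanctl.conf parser.

```python
import re

# Exchange-type names as strongSwan prints them in "parsed <TYPE> request" lines.
IKEV1_EXCHANGES = {"ID_PROT", "AGGRESSIVE", "QUICK_MODE", "TRANSACTION", "INFORMATIONAL_V1"}
IKEV2_EXCHANGES = {"IKE_SA_INIT", "IKE_AUTH", "CREATE_CHILD_SA", "INFORMATIONAL"}

# Log lines and config settings taken from the thread above (config abridged).
SAMPLE_LOG = """\
09[NET] received packet: from Windows[500] to Linux[500] (256 bytes)
09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
09[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
"""
SAMPLE_CONF = """\
connections {
    linuxHost {
        proposals = aes128-sha256-modp2048
        version = 2
    }
}
"""

def peer_ike_versions(log_text):
    """Return the set of IKE major versions seen in the peer's parsed requests."""
    versions = set()
    for match in re.finditer(r"\[ENC\] parsed (\w+) request", log_text):
        exchange = match.group(1)
        if exchange in IKEV1_EXCHANGES:
            versions.add(1)
        elif exchange in IKEV2_EXCHANGES:
            versions.add(2)
    return versions

def configured_version(conf_text):
    """Return the first 'version' setting; swanctl's default 0 accepts IKEv1 and IKEv2."""
    match = re.search(r"^\s*version\s*=\s*(\d+)", conf_text, re.MULTILINE)
    return int(match.group(1)) if match else 0

def version_mismatches(log_text, conf_text):
    """Return the peer IKE versions that the configured connection will not answer."""
    wanted = configured_version(conf_text)
    if wanted == 0:
        return set()
    return {v for v in peer_ike_versions(log_text) if v != wanted}

if __name__ == "__main__":
    for v in sorted(version_mismatches(SAMPLE_LOG, SAMPLE_CONF)):
        print(f"peer sends IKEv{v}, connection is pinned to IKEv{configured_version(SAMPLE_CONF)}")
```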
