No proposal found strongswan android

strongSwan

Задачи

Issue #2969

received NO_PROPOSAL CHOSEN error notify

Описание

I am trying to configure my client on rasppyberry pi for a remote VPN server(Shrew) provided with the following information.
I am trying to configure my client using VPN (strongswan) to access the remote server whose DNS is
vpngw.fh-kempten.de

Details of my remote VPN Server are:

My ipsec configuration file looks like the following (Recommend me any changes if needed?)

My ipsec.secrete file looks like¶

With above configuration, when I run my ipsec command i get the following error¶

My motivation is to access the shared drive which is present on the remote VPN server
I am looking for help as I am newbie to this stuff and already scratched my head on it for about 3 weeks before posting here. so
my expectations from this forum are very high.
Looking forward to the kind responses:)
Thanks in advance!!

Связанные задачи

История

#1 Обновлено Tobias Brunner больше 2 лет назад

• Описание обновлено (diff)
• Параметр Категория изменился с libstrongswan на configuration
• Параметр Статус изменился с New на Feedback
• Параметр Приоритет изменился с Immediate на Normal

We discussed this on serverfault.com already. Apparently, not successfully.

If you receive a NO_PROPOSAL_CHOSEN notify it means the peers is not happy about any of the algorithms or authentication methods. In your case it might be related to this:

If you only propose PSK authentication and not PSK+XAuth the server is probably not happy about it. So you want to set leftauth2 to xauth.

#2 Обновлено Saqib Shakeel больше 2 лет назад

Okay, Thanks for your reply. whith , what changes are expected in

#3 Обновлено Tobias Brunner больше 2 лет назад

• Описание обновлено (diff)

You need to add an XAUTH secret.

#4 Обновлено Saqib Shakeel больше 2 лет назад

Now after following your suggestion, I am getting this error

#5 Обновлено Saqib Shakeel больше 2 лет назад

Update:¶

When I run it by commenting aggressive mode. It gives me the following output..

#6 Обновлено Saqib Shakeel больше 2 лет назад

Update :
After changing settings in the secrete file

I got this output(Remember the default server setting for aggressive is on but the following output is without aggressive)

Desperately looking for your kind recommendations 🙂

#7 Обновлено Tobias Brunner больше 2 лет назад

The last error indicates an incorrect PSK. The one above (about the XAuth method) I commented on already on serverfault.com (you need the xauth-generic plugin).

#8 Обновлено Saqib Shakeel больше 2 лет назад

Saqib Shakeel wrote:

Update :
After changing settings in the secrete file

I got this output(Remember the default server setting for aggressive is on but the following output is without aggressive)

[. ]
Desperately looking for your kind recommendations 🙂

is correct in secrete file??

and I have reverified the PSK with my university server, it matches. Also, for xauth-generic,I also commented on serverfault.com, I am trying to install xauth-generic plugin using

but I am getting this error

Your thoughts please??

and just for reference, My current .config has the following content

and .secretes has

please let me know if I am doing anything wrong.
Many thanks,

#9 Обновлено Tobias Brunner больше 2 лет назад

and I have reverified the PSK with my university server, it matches.

According to the log it might be wrong (you wrote «Password_of_my_Wifi» above, but the PSK is for the VPN not the WiFi and obviously not yours but that of your university).

Also, for xauth-generic,I also commented on serverfault.com, I am trying to install xauth-generic plugin using
[. ]
but I am getting this error
[. ]

Your thoughts please??

You need to adapt that to your distribution. Individual packages for plugins were only available on older Ubuntu releases. On newer ones the plugin is in the libcharon-standard-plugins package.

and just for reference, My current .config has the following content

You don’t need rightauth2, only leftauth2. authby is not used if you set left|rightauth. You also don’t need to specify left. type = transport is probably wrong too (unless you want to use L2TP, which doesn’t seem to be the case according to the original description), just remove it or set it to tunnel. To request a virtual IP from the server (mode config) you also want to set leftsourceip = %config.

As mentioned above, you don’t need the PSK of your Wi-Fi. If the first PSK is correct you should get past that step.

Источник

strongSwan

Задачи

Issue #570

Android native VPN client to Strongswan problem

Описание

i’ve been banging my heads against this issue for several days and i cannot establish connection with VPN server (Centos/Strongswan v5.1.2) from my Android phone using IPSec Xauth RSA (ikev1) connection type. I tried various tutorials but the problem remains the same. Have no problem connecting from iPhone (ikev1).

I am getting «invalid HASH_V1 payload length, decryption failed?» error

This is the configuration for the strongswan connection

Is there something I did wrong?

Связанные задачи

История

#1 Обновлено Ashok Thota почти 7 года назад

Hi
Can you please the paste the configuration of iOS here, because i am getting this error from so many days and there is no clue how to dig out or you can help me out from this problem.

Thanks in advance

#2 Обновлено Tobias Brunner почти 7 года назад

• Описание обновлено (diff)
• Параметр Статус изменился с New на Feedback

This may be related to #836. Are you sure the client is configured for XAuth/RSA authentication (and not only RSA authentication)? Do you have any logs from the client? What Android version is running on the client? On what kind of device?

Connecting from Android 4.4.4 (Nexus 5) with XAuth/RSA works fine here.

#3 Обновлено Tobias Brunner почти 7 года назад

• связана сIssue #836: invalid HASH_V1 payload length, decryption failed?could not decrypt payloads,message parsing failed,ignore malformed INFORMATIONAL request добавлен

#4 Обновлено G. G. больше 6 лет назад

Got the same issue on Android 5.0+.
According to the logs on the phone (adb / logcat), it looks like racoon has some issue with the certificate.

#5 Обновлено Tobias Brunner около 6 лет назад

• Параметр Категория изменился на configuration
• Параметр Статус изменился с Feedback на Closed
• Параметр Назначена изменился на Tobias Brunner
• Параметр Resolution изменился на No change required

Sounds like a client issue (or a configuration issue if the certificate is unsuitable). Closing this for now.

#6 Обновлено Bowen Sun больше 5 лет назад

I’m having the same issue with strongswan 5.1.2 , the same config works on iOS(9.3) but not OS X(10.11.4).

Источник

strongSwan

Задачи

Issue #676

OSX Native Client (Racoon) —> Strongswan Server «no IKE config found for 10.0.0.135. XX.XXX.XXX.X, sending NO_PROPOSAL_CHOSEN»

Описание

I am assigning my issue you to you because I see you reply often—if that is inappropriate somehow I apologize. Hopefully someone who knows more what they are doing can take one look at this and save me from more weeks of surfing Wikis and beating my head against the wall 🙂

Am attempting to connect an OSX Native Client (using Racoon) to my server running self-compiled Strongswan 5.2.0 on Ubuntu Trusty 14.04.

I would rather not mess with the Racoon configuration because I would like to be able to distribute credentials to folks on OSX and not require extensive client configuration, but I am willing to mess with that if necessary.

I believe my certificates are generated/installed correctly and I am attempting «xauthrsasig» authentication.

I have attempted to add encryption settings to match Racoon (aes-sha1-modp1024) for «ike» and «esp» parameters but that is to no avail in obtaining a connection.

Here is my server config, following as closely to the documentation as possible:

Here is the syslog from the Strongswan server from Ipsec start to end of failed connection:

Here is the log from Racoon log from failed connection:

I have tried a thousand things based on this and other wikis and am very much at a loss. Do you have any recommendations? I do not even know where to start.

История

#1 Обновлено Matthew Pilon больше 7 лет назад

I forgot to mask my IP in the title :/

#2 Обновлено Tobias Brunner больше 7 лет назад

• Параметр Тема изменился с OSX Native Client (Racoon) —> Strongswan Server «no IKE config found for 10.0.0.135. XX.XXX.XXX.x, sending NO_PROPOSAL_CHOSEN» на OSX Native Client (Racoon) —> Strongswan Server «no IKE config found for 10.0.0.135. XX.XXX.XXX.X, sending NO_PROPOSAL_CHOSEN»
• Параметр Статус изменился с New на Feedback
• Параметр Назначена изменился с Andreas Steffen на Tobias Brunner
• Параметр Приоритет изменился с High на Normal

These settings will not result in a usable configuration in this scenario. Because at least one of left|rightauth is configured authby will be ignored, and because left|rightauth default to pubkey you end up with:

To use XAuth with RSA either remove/comment the two rightauth lines and only configure authby or remove/comment all of them and just configure rightauth2=xauth.

I have tried a thousand things based on this and other wikis and am very much at a loss. Do you have any recommendations? I do not even know where to start.

We have some notes on iOS/Mac OS X interoperability and you could also run strongSwan on Mac OS X.

#3 Обновлено Matthew Pilon около 7 лет назад

Thank you much for your support here Tobias!!

Indeed, I had many of my own kinks to work out. And work them out I did over many hours and days.

I will say now that I had already found the links you posted (iOS/Mac OS X interoperability, strongSwan on Mac OS X), but for a complete beginner these were a little abstract and incomplete. Certainly not your fault I am a beginner 🙂

Also, on OSX I had no luck with the strongSwan on OSX app. Maybe I was doing it wrong, but there was no place to select a machine certificate and I couldn’t figure out where to set encryption and integrity algorithms. (No matching encryption algorithms was a complaint of the application.) **Most importantly, on my OSX system trying to connnect there were what appeared to me as highly complex and serious application errors in the log, so it kind of scared me off.

I am going to post some details and findings (as a beginner of course) and my configuration here in case it helps anyone who is attempting to connect OSX/iOS via native OSX VPN connection (tested up to iOS 7 and OSX Yosemite — 10.10) to a Strongswan server on Ubuntu.

+ My Strongswan is on Ubuntu Trusty on Amazon, for which this (https://wiki.strongswan.org/projects/strongswan/wiki/AwsVpc) was a solid guide.

+ For anyone on Ubuntu server, it is important to note that you can install many Strongswan plugins via Ubuntu packages rather than recompiling Strongswan manually, and **ONE SHOULD NOT ASSUME THE STRONGSWAN PLUGINS THEY NEED ARE INSTALLED 🙂 Here is an example of the XAUTH plugin I needed to install for Strongswan on Ubuntu. http://packages.ubuntu.com/trusty/strongswan-plugin-xauth-noauth

+ I did complete the certificate generation exactly (or almost exactly) as prescribed in the iOS/Mac OS X interoperability. Someone on a Mac forum said they needed to change the size of the key to 1024 in the «ipsec gen» utility (by adding the flag «—size 1024») to get OSX to use the key in their case. I generated my keys so long ago I don’t remember if I did that or not. I don’t think you need to do that.

**WHEN YOU IMPORT THE CERTIFICATE INTO OSX KEYCHAIN «SYSTEM» MUST BE CHOSEN AS THE KEYCHAIN — NOT «LOGIN»!! 🙂

**These keys also work for Windows. The windows guide to installing certificates on Strongswan’s website is complete. My windows configuration is also below.

+ When you configure the native OSX client, use System Preferences >>> Network >>> (+ sign to add connection) >>> Choose Interface «VPN» and «Cisco IPSec» for VPN Type. Under Authentication settings you will need to select the system certificate you installed.

Here is the config I am using:

#4 Обновлено Tobias Brunner около 7 лет назад

• Параметр Статус изменился с Feedback на Closed
• Параметр Resolution изменился на No change required

OK, great you got it working. I’ve added a description of the configuration on Mac OS X to IOS_(Apple).

Источник

No proposal found strongswan android

Добрый день.
Помогите разобраться с ipsec.

ОС
Linux ipsec 3.16.0-4-686-pae #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) i686 GNU/Linux

версия ipsec
root@ipsec:/etc/ipsec.d# ipsec version
Linux strongSwan U5.2.1/K3.16.0-4-686-pae
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See ‘ipsec —copyright’ for copyright information.

root@ipsec:/etc/ipsec.d# cat /etc/strongswan.conf
# strongswan.conf — strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files

charon <
load_modular = yes
plugins <
include strongswan.d/charon/*.conf
>
>

root@ipsec:/etc/ipsec.d# cat /etc/ipsec.conf
# ipsec.conf — strongSwan IPsec configuration file

config setup
# uniqueids=never
charondebug=»cfg 2, dmn 2, ike 2, net 2″

conn чfault
keyexchange=ikev2
ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
dpdaction=clear
dpddelay=300s
rekey=no
left=%any
leftsubnet=0.0.0.0/0
leftcert=vpnHostCert.pem
right=%any
rightdns=8.8.8.8,8.8.4.4
rightsourceip=172.16.16.0/24

conn IPSec-IKEv2
keyexchange=ikev2
auto=add

conn IPSec-IKEv2-EAP
also=»IPSec-IKEv2″
rightauth=eap-mschapv2
rightsendcert=never
eap_identity=%any

conn CiscoIPSec
keyexchange=ikev1
# forceencaps=yes
rightauth=pubkey
rightauth2=xauth
auto=add

root@ipsec:/etc/ipsec.d# cat /etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.

# this file is managed with debconf and will contain the automatically created private key
#include /var/lib/strongswan/ipsec.secrets.inc

: RSA vpnHostKey.pem
user1 : EAP «Qwerty123»
user2 : XAUTH «Qwerty_123»

Сертификаты создал и импортировал в win7, когда подключаюсь система выдает ошибку 13806

Вот лог подключения, не вижу в нем ошибку

Nov 2 04:50:26 ipsec charon: 09[NET] received packet: from 192.168.50.5[500] to 192.168.50.51[500]
Nov 2 04:50:26 ipsec charon: 09[NET] waiting for data on sockets
Nov 2 04:50:26 ipsec charon: 03[NET] received packet: from 192.168.50.5[500] to 192.168.50.51[500] (528 bytes)
Nov 2 04:50:26 ipsec charon: 03[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 2 04:50:26 ipsec charon: 03[CFG] looking for an ike config for 192.168.50.51. 192.168.50.5
Nov 2 04:50:26 ipsec charon: 03[CFG] candidate: %any. %any, prio 28
Nov 2 04:50:26 ipsec charon: 03[CFG] candidate: %any. %any, prio 28
Nov 2 04:50:26 ipsec charon: 03[CFG] found matching ike config: %any. %any with prio 28
Nov 2 04:50:26 ipsec charon: 03[IKE] 192.168.50.5 is initiating an IKE_SA
Nov 2 04:50:26 ipsec charon: 03[IKE] IKE_SA (unnamed)[9] state change: CREATED => CONNECTING
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found
Nov 2 04:50:26 ipsec charon: 03[CFG] selecting proposal:
Nov 2 04:50:26 ipsec charon: 03[CFG] proposal matches
Nov 2 04:50:26 ipsec charon: 03[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Nov 2 04:50:26 ipsec charon: 03[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_4096, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_4096, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1536, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 2 04:50:26 ipsec charon: 03[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Nov 2 04:50:26 ipsec charon: 03[IKE] sending cert request for «C=CH, O=strongSwan, CN=strongSwan Root CA»
Nov 2 04:50:26 ipsec charon: 03[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Nov 2 04:50:26 ipsec charon: 03[NET] sending packet: from 192.168.50.51[500] to 192.168.50.5[500] (337 bytes)
Nov 2 04:50:26 ipsec charon: 10[NET] sending packet: from 192.168.50.51[500] to 192.168.50.5[500]
Nov 2 04:50:56 ipsec charon: 02[JOB] deleting half open IKE_SA after timeout
Nov 2 04:50:56 ipsec charon: 02[IKE] IKE_SA (unnamed)[9] state change: CONNECTING => DESTROYING

Подскажите, в каком направлении искать ошибку?

Ответить | Правка | Cообщить модератору

Оглавление

Настройка strongswan, ipsec, ikev2, PavelR, 16:37 , 02-Ноя-17, (1) Настройка strongswan, ipsec, ikev2, ivandog, 09:58 , 03-Ноя-17, (2) Настройка strongswan, ipsec, ikev2, ACCA, 05:58 , 08-Ноя-17, (3) Настройка strongswan, ipsec, ikev2, ivandog, 09:31 , 09-Ноя-17, (4) Настройка strongswan, ipsec, ikev2, PavelR, 10:21 , 09-Ноя-17, (5) +1 Настройка strongswan, ipsec, ikev2, ACCA, 13:07 , 18-Ноя-17, ( 6 ) Настройка strongswan, ipsec, ikev2, ACCA, 13:08 , 18-Ноя-17, ( 7 )

Сообщения по теме

[Сортировка по времени | RSS]

1. «Настройка strongswan, ipsec, ikev2»	+ / –
Сообщение от PavelR (??) on 02-Ноя-17, 16:37
Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору

	2. «Настройка strongswan, ipsec, ikev2»	+ / –
	Сообщение от ivandog on 03-Ноя-17, 09:58
	root@ipsec:/etc/ipsec.d# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination На винде тоже все антивирусы и фаерволлы отключил Источник Оцените статью Вам также может понравиться Как деактивировать режим наушников на смартфоне с Android? Когда к мобильному устройству присоединены наушники Обзор игры Джелли-Джу для Android В последние годы популярность мобильных игр резко возросла Лучшие шахматные приложения для iOS и Android Нынешний читерский скандал в шахматном мире сейчас Что хотят увидеть пользователи от Android 5.0 Key Lime Pie ОС Google Android развивается, и по всему видимому Правообладателям Политика конфиденциальности Контакты