[Swan] Issue connecting between Cisco 2811 and Ubuntu 14.04 - worked with strongswan
paul at nohats.ca
Mon May 30 15:29:23 UTC 2016
On Mon, 30 May 2016, Charles Wyble wrote:
> I’ve recently switched to libreswan (for VTI support). I can’t get the IPSEC tunnel to connect.
> Here are the log snippets and configuration, please let me know if anything else is needed.
> 1. May 30 15:14:24: "satx" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=68
> 8. May 30 15:14:56: "satx" #2: Oakley Transform [OAKLEY_AES_CBC (128), OAKLEY_SHA1, OAKLEY_GROUP_MODP4096] refused
Seems the Cisco wants: ike=aes128-sha1;modp4096
(such a large modp and a key size of 128 does not make much sense btw)
> 41. ike=aes128-md5-modp1536 #P1: modp1536 = DH group 5
That does not match the Cisco config....
> 50. remote_peer_type=cisco
Do not use this unless you are using XAUTH user/password verification.
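
The comparison made in the reply above can be scripted. This is an added example, not part of the original thread and not libreswan code: it parses the refused transform from the quoted pluto log line and the quoted `ike=` line, then lists the fields that differ. The function names are hypothetical, and the log format is assumed to match the single line quoted in the thread.

```python
import re

# Constructed sample input: the log and config lines quoted in the thread,
# with the list numbering dropped.
LOG_LINE = ('May 30 15:14:56: "satx" #2: Oakley Transform [OAKLEY_AES_CBC (128), '
            'OAKLEY_SHA1, OAKLEY_GROUP_MODP4096] refused')
CONF_LINE = 'ike=aes128-md5-modp1536 #P1: modp1536 = DH group 5'

# Assumption: the refused transform is always logged as cipher (bits), hash, group.
REFUSED_RE = re.compile(
    r'Oakley Transform \[OAKLEY_(\w+?)(?:_CBC)? \((\d+)\), '
    r'OAKLEY_(\w+), OAKLEY_GROUP_(\w+)\] refused')
FIELDS = ('encr', 'integ', 'dh')

def parse_refused(log_line):
    """Return the refused transform as a dict, or None if the line has none."""
    m = REFUSED_RE.search(log_line)
    if not m:
        return None
    cipher, bits, integ, group = m.groups()
    return {'encr': cipher.lower() + bits, 'integ': integ.lower(), 'dh': group.lower()}

def parse_ike_option(conf_line):
    """Parse 'ike=encr-integ-dh' or 'ike=encr-integ;dh', ignoring a trailing comment."""
    key, _, value = conf_line.split('#', 1)[0].strip().partition('=')
    if key.strip() != 'ike':
        return None
    tokens = [t for t in re.split(r'[-;]', value.strip()) if t]
    tokens += [None] * (len(FIELDS) - len(tokens))   # tolerate a partial proposal
    return dict(zip(FIELDS, tokens))

def mismatches(configured, refused):
    """List (field, configured, refused) for every field that differs."""
    return [(f, configured[f], refused[f]) for f in FIELDS if configured[f] != refused[f]]

def as_ike_line(t):
    """Render a transform in the 'ike=' form used in the reply above."""
    return 'ike={encr}-{integ};{dh}'.format(**t)

if __name__ == '__main__':
    refused, configured = parse_refused(LOG_LINE), parse_ike_option(CONF_LINE)
    for field, ours, theirs in mismatches(configured, refused):
        print('%s: configured %s, refused transform has %s' % (field, ours, theirs))
    print('transform from log:', as_ike_line(refused))
```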