[Swan] Issue connecting between Cisco 2811 and Ubuntu 14.04 - worked with strongswan

Paul Wouters paul at nohats.ca
Mon May 30 15:29:23 UTC 2016

On Mon, 30 May 2016, Charles Wyble wrote:

> I’ve recently switched to libreswan (for VTI support). I can’t get the IPSEC tunnel to connect.
> Here are the log snippets and configuration, please let me know if anything else is needed.

> 1.   May 30 15:14:24: "satx" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=68

> 8.   May 30 15:14:56: "satx" #2: Oakley Transform [OAKLEY_AES_CBC (128), OAKLEY_SHA1, OAKLEY_GROUP_MODP4096] refused

Seems the cisco wants: ike=aes128-sha1;modp4096

(such a large modp and a key size of 128 does not make much sense btw)

> 41.         ike=aes128-md5-modp1536           #P1: modp1536 = DH group 5

That does not match the cisco config....

> 50.         remote_peer_type=cisco

Do not use this unless you are using XAUTH user/password verification.


More information about the Swan mailing list