[Swan] windows 10 Policy Match Error

Paul Wouters paul at nohats.ca
Tue Sep 10 23:47:07 UTC 2019

On Mon, 9 Sep 2019, Computerisms Corporation wrote:

> Having updated a good number of my firewalls to debian bullseye and libreswan 
> 3.29, seemed reasonable to continue the quest.
> Then I came across one that has had me stumped for a while now.
> Windows 10 gives policy match error, and libreswan logs gives a 
> no-proposal-chosen error.  I found and read lots of stuff that is pretty much 
> all just details to this entry on the wiki:
> https://libreswan.org/wiki/FAQ#Microsoft_Windows_connection_attempts_fail_with_NO_POROPOSAL_CHOSEN
> I have tried the registry entry, I have tried the ike= and esp= entries, as 
> well as some entries that have worked in the past for me.
> Have tried removing libreswan entirely and recompiling and reinstalling, just 
> in case a sun spot did something during the initial install.
> Wondering if any one has any other suggestions as to what the hiccup might 
> be?

It is usually either the certificates aren't generated in a way Windows
likes it, or there is a misconfiguration. Re-installing or compiling
libreswan will not likely make a difference.

It's hard for us to say much more without seeing configurations and
logs unfortunately.


More information about the Swan mailing list