[Swan] windows 10 Policy Match Error

Nels Lindquist nlindq at maei.ca
Thu Sep 12 18:56:15 UTC 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2019/09/09 11:19 p.m., Computerisms Corporation wrote:
> Greetings Gurus,
> 
> Having updated a good number of my firewalls to debian bullseye
> and libreswan 3.29, seemed reasonable to continue the quest.

What version were you upgrading from?  Was it older than 3.28?

> Then I came across one that has had me stumped for a while now.
> 
> Windows 10 gives policy match error, and libreswan logs gives a 
> no-proposal-chosen error.  I found and read lots of stuff that is
> pretty much all just details to this entry on the wiki:
> 
> https://libreswan.org/wiki/FAQ#Microsoft_Windows_connection_attempts_fail_with_NO_POROPOSAL_CHOSEN
>
>  I have tried the registry entry, I have tried the ike= and esp=
> entries, as well as some entries that have worked in the past for
> me.
> 
> Have tried removing libreswan entirely and recompiling and
> reinstalling, just in case a sun spot did something during the
> initial install.
> 
> Wondering if any one has any other suggestions as to what the
> hiccup might be?

After upgrading from an older version of libreswan I experienced
similar problems with Windows.

I noted the following in CHANGES from the v3.28 release:

> * IKE: Change default connection from IKEv1 to IKEv2 [Paul]

I then included an "ikev2=no" directive in my Windows-related
configurations, and everything started working for me again.

- ----
Nels Lindquist
<nlindq at maei.ca>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAl16lM8ACgkQh6z5POoOLgTpBgCfeAMo0ml+Gs/aebVaDcGkPQFF
NkcAoIjMu3HBSQRUYFfa21lMKQW8hgbU
=V4Pq
-----END PGP SIGNATURE-----


More information about the Swan mailing list