[Swan] what problem do I have here?
Paul Wouters
paul at nohats.ca
Thu Feb 8 00:10:02 EET 2024

On Wed, 7 Feb 2024, Marc wrote:
>>>> This is a win10 client. What problem do I have here?
>>
>>>> Feb 6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #320:
>>>> 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-MODP2048-ENABLED+DISABLED
>>
>> so we received a proposal like: esp=aes_gcm128,aes_gcm256 with DH14
>>
>> but your esp= line does not seem to allow this. It means you have
>> a non-default esp= line that doesn't include what windows wants.
>
> I don't have an esp= configured and I am using Libreswan 4.12 on alpine

Then the above proposal should already be included in the default?
Is this happening on rekeys? Windows did have various bugs related to
rekeying, so if that's the case, try adding ms-dh-downgrade=yes

> Is it possible to configure esp with something like
>
> esp={defaults}+aes_gcm256

No. You either use the defaults or specify the entire list.

Paul