[Swan] what problem do I have here?
Marc
Marc at f1-outsourcing.eu
Thu Feb 8 00:17:46 EET 2024
> >>>> Feb 6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #320:
> >>>> 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-MODP2048-ENABLED+DISABLED
> >>
> >> so we received a proposal like: esp=aes_gcm128,aes_gcm256 with DH14
> >>
> >> but your esp= line does not seem to allow this. It means you have
> >> a non-default esp= line that doesn't include what windows wants.
> >
> > I don't have an esp= configured and I am using Libreswan 4.12 on alpine
>
> Then the above proposal should already be included in the default?
>
> Is this happening on rekeys? Windows did have various bugs related to
> rekeying, so if that's the case, try adding ms-dh-downgrade=yes
>
running now with ms-dh-downgrade=yes
looks better.
More information about the Swan
mailing list