<div dir="ltr">Hi,<div><br></div><div>In version 3.19 we used the following configuration:<br><br></div><div><div># libreswan /etc/ipsec.conf configuration file</div><div>config setup</div><div>  protostack=netkey</div><div>  # exclude networks used on server side by adding %v4:!a.b.c.0/24</div><div>  virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.231.247.0/24,%v4:!10.231.246.0/24</div><div>  # PSK clients can have the same ID if they send it based on IP address.</div><div>  uniqueids=no</div><div>  plutostderrlog=/var/log/libreswan</div><div><br></div><div><br></div><div><br></div><div>conn xauth-psk</div><div>    authby=secret</div><div>    pfs=no</div><div>    auto=add</div><div>    rekey=no</div><div>    left=%defaultroute</div><div>    leftsubnet=0.0.0.0/0</div><div>    rightaddresspool=10.231.247.10-10.231.247.254</div><div>    right=%any</div><div>    # make cisco clients happy</div><div>    cisco-unity=yes</div><div>    # address of your internal DNS server</div><div>    modecfgdns1=172.31.14.50</div><div>    leftxauthserver=yes</div><div>    rightxauthclient=yes</div><div>    leftmodecfgserver=yes</div><div>    rightmodecfgclient=yes</div><div>    modecfgpull=yes</div><div>    xauthby=file</div><div>    # xauthby=alwaysok MUST NOT be used with PSK</div><div>    # Can be played with below</div><div>    #dpddelay=30</div><div>    #dpdtimeout=120</div><div>    #dpdaction=clear</div><div>    # xauthfail=soft</div><div>    ike-frag=yes</div><div>    ikev2=never</div></div><div><br></div><div>I just upgraded to version 3.21, using this same configuration. 
The client is sending the following proposal:</div><div><div><div>    (sa: doi=ipsec situation=identity</div><div>        (p: #1 protoid=isakmp transform=15</div><div>            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha2-256)(type=group desc value=modp2048))</div><div>            (t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp2048))</div><div>            (t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp2048))</div><div>            (t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha2-512)(type=group desc value=modp2048))</div><div>            (t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha2-256)(type=group desc value=modp1536))</div><div>            (t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1536))</div><div>            (t: #7 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1536))</div><div>            (t: #8 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))</div><div>            (t: #9 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen 
value=0100)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))</div><div>            (t: #10 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0080)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))</div><div>            (t: #11 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0080)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))</div><div>            (t: #12 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))</div><div>            (t: #13 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))</div><div>            (t: #14 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=1des)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))</div><div>            (t: #15 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=1des)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))))</div><div>    (vid: len=16 4a131c81070358455c5728f20e95452f)</div><div>    (vid: len=16 4df37928e9fc4fd1b3262170d515c662)</div><div>    (vid: len=16 8f8d83826d246b6fc7a8a6a428c11de8)</div><div>    (vid: len=16 439b59f8ba676c4c7737ae22eab8f582)</div><div>    (vid: len=16 4d1e0e136deafa34c4f3ea9f02ec7285)</div><div>    (vid: len=16 80d0bb3def54565ee84645d4c85ce3ee)</div><div>    (vid: len=16 9909b64eed937c6573de52ace952fa6b)</div><div>    (vid: len=16 7d9419a65310ca6f2c179d9215529d56)</div><div>    (vid: len=16 cd60464335df21f87cfdb2fc68b6a448)</div><div>    (vid: len=16 90cb80913ebb696e086381b5ec427b1f)</div><div>    (vid: len=8 09002689dfd6b712)</div><div>    (vid: len=16 
12f5f28c457168a9702d9fe274cc0100)</div><div>    (vid: len=20 4048b7d56ebce88525e7de7f00d6c2d380000000)</div><div>    (vid: len=16 afcad71368a1f1c96b8696fc77570100)</div></div></div><div><br></div><div>but the server is responding with </div><div><div><div>    (n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN)</div></div></div><div><br></div><div>What am I doing wrong?</div><div><br></div><div>Thanks,</div><div><br></div><div>Dynastic</div><div><br></div><div><br></div></div>
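
Added example, not part of the original post: a small decoder for the tcpdump ISAKMP transform lines quoted above, turning the hex fields into readable values so the client's offers can be compared with the responder's accepted IKE algorithms. The function names are hypothetical; the only value mapping assumed beyond the page is that authentication method 65001 (0xfde9) is XAUTHInitPreShared from the IKE XAUTH draft.

```python
import re

# Sample input: transforms #1, #10 and #12 copied from the dump in the post.
SAMPLE = """\
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha2-256)(type=group desc value=modp2048))
(t: #10 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0080)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #12 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
"""

TRANSFORM_RE = re.compile(r"\(t: #(\d+) id=ike ((?:\(type=[^)]*\))+)")
ATTR_RE = re.compile(r"\(type=([a-z ]+?) value=([^)]*)\)")

# tcpdump prints attribute values it has no name for as raw hex.
# Assumption: 65001 (0xfde9) is the XAUTH draft's XAUTHInitPreShared method.
AUTH_NAMES = {65001: "XAUTHInitPreShared"}


def _hex_or_none(value):
    """Return the integer for a hex string, or None if absent or symbolic."""
    try:
        return int(value, 16)
    except (TypeError, ValueError):
        return None


def parse_transforms(dump):
    """Decode each IKEv1 Phase 1 transform in tcpdump's ISAKMP output."""
    transforms = []
    for num, attr_text in TRANSFORM_RE.findall(dump):
        attrs = dict(ATTR_RE.findall(attr_text))
        auth = _hex_or_none(attrs.get("auth"))
        transforms.append({
            "num": int(num),
            "enc": attrs.get("enc"),
            "keylen": _hex_or_none(attrs.get("keylen")),  # bits; None if absent
            "hash": attrs.get("hash"),
            "group": attrs.get("group desc"),
            "auth": AUTH_NAMES.get(auth, attrs.get("auth")),
            "lifetime_s": _hex_or_none(attrs.get("lifeduration")),
        })
    return transforms


def labels(transforms):
    """One enc[keylen]-hash-group label per transform, for comparison."""
    return ["{}{}-{}-{}".format(t["enc"], t["keylen"] or "", t["hash"], t["group"])
            for t in transforms]


if __name__ == "__main__":
    decoded = parse_transforms(SAMPLE)
    for t, label in zip(decoded, labels(decoded)):
        print(t["num"], label, t["auth"], t["lifetime_s"])
```
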