Getting error while configuring IKE/IPsec connection between Windows 10 and SUSE SLES 12


I am new to the IPsec/IKEv2 concept. I am trying to create an IPsec/IKEv2 connection between Windows 10 and a SUSE SLES 12 box using strongSwan.

Right now I don't have the IPsec configuration information of the SUSE box, but I can tell you my observations and issue:

NOTE: I have not provided IKE and ESP values in the ipsec.conf file and I am using PSK for authentication.

  • When I keep the value keyexchange = ike in ipsec.conf on the SUSE machine, SUSE keeps sending packets to Windows but does not get a response.

  • I changed the value to keyexchange = IKEv1 and now SUSE is sending packets to the Windows box and getting a response back, but I get the error below:

    2020-10-15T13:25:09.153507+03:00 ct99 charon: 13[NET] sending packet: from 3.213.176.114[500] to 3.213.176.129[500] (172 bytes)
    2020-10-15T13:25:09.153663+03:00 ct99 charon: 14[NET] received packet: from 3.213.176.129[500] to 3.213.176.114[500] (56 bytes)
    2020-10-15T13:25:09.153819+03:00 ct99 charon: 14[ENC] parsed INFORMATIONAL_V1 request 2363509334 [ N(NO_PROP) ]
    2020-10-15T13:25:09.153977+03:00 ct99 charon: 14[IKE] received NO_PROPOSAL_CHOSEN error notify

  • Windows 10 configuration information:

    MainMode CryptoSet info:

    Proposal : { 0 : Encryption: AES128 : Hash: SHA1 : KeyExchange: DH14 }

    QuickModeCryptoSet:

    Proposal : { 0 : Encapsulation: ESP : EspHash: SHA1 : Encryption: AES128 : MaxLifetimeKilobytes: 100000 : MaxLifetimeMinutes: 60 }

Could you please help me understand why I have to set the value keyexchange = IKEV1, as it should work even when the value is set to IKE, as per my understanding?

And for another error in the log: I tried to set multiple possible values for ike and esp but still it is not throwing the same error. Please help me out on this.

Thank you so much in advance!

1

There are 1 answers

1
GoodMirek On

In my case, the error NO_PROPOSAL_CHOSEN was caused by Windows 10 proposing only weak ciphers by default. The weak ciphers have not been enabled by default in strongSwan since strongSwan version 5.6.

Stronger ciphers can be enabled in Windows 10 via registry using a regfile with the following content:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
    "NegotiateDH2048_AES256"=dword:00000001
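
Added example, not part of the original question or answer: a Python check that finds which peer sent NO_PROPOSAL_CHOSEN in the charon log quoted above and tests whether a candidate ipsec.conf `ike=` value contains the Windows MainMode proposal from the question. The function names and the mapping table are assumptions of this example, and the set comparison is a simplification of real IKE proposal selection.

```python
import re

# Constructed input: the charon lines and the Windows MainMode proposal quoted in the question.
LOG = """\
2020-10-15T13:25:09.153507+03:00 ct99 charon: 13[NET] sending packet: from 3.213.176.114[500] to 3.213.176.129[500] (172 bytes)
2020-10-15T13:25:09.153663+03:00 ct99 charon: 14[NET] received packet: from 3.213.176.129[500] to 3.213.176.114[500] (56 bytes)
2020-10-15T13:25:09.153819+03:00 ct99 charon: 14[ENC] parsed INFORMATIONAL_V1 request 2363509334 [ N(NO_PROP) ]
2020-10-15T13:25:09.153977+03:00 ct99 charon: 14[IKE] received NO_PROPOSAL_CHOSEN error notify
"""
WIN_MAIN_MODE = "Proposal : { 0 : Encryption: AES128 : Hash: SHA1 : KeyExchange: DH14 }"

# Windows CryptoSet names -> strongSwan proposal keywords (DH14 is the 2048-bit MODP group).
# Assumption of this example: only the algorithms listed here are handled.
WIN_TO_SWAN = {"AES128": "aes128", "AES256": "aes256", "SHA1": "sha1",
               "SHA256": "sha256", "DH2": "modp1024", "DH14": "modp2048"}

# charon prefixes each message with "<thread>[<subsystem>]".
LINE = re.compile(r"charon: (\d+)\[(\w+)\] (.*)")

def rejecting_peers(log):
    """Peers whose packet was followed, on the same charon thread, by NO_PROPOSAL_CHOSEN."""
    last_from, peers = {}, []
    for m in map(LINE.search, log.splitlines()):
        if not m:
            continue
        thread, _subsystem, msg = m.groups()
        src = re.match(r"received packet: from ([\d.]+)\[", msg)
        if src:
            last_from[thread] = src.group(1)
        elif "received NO_PROPOSAL_CHOSEN" in msg and thread in last_from:
            peers.append(last_from[thread])
    return peers

def windows_algs(proposal):
    """Translate a Windows CryptoSet proposal line into strongSwan keywords."""
    return {WIN_TO_SWAN[value] for _key, value in re.findall(r"(\w+): (\w+)", proposal)}

def matching_proposals(ike, proposal):
    """Proposals of an ipsec.conf ike= value that contain every Windows algorithm."""
    wanted = windows_algs(proposal)
    candidates = [p.strip() for p in ike.rstrip("!").split(",")]  # "!" = strict flag
    return [p for p in candidates if wanted <= set(p.split("-"))]

if __name__ == "__main__":
    print(rejecting_peers(LOG))
    print(matching_proposals("aes256-sha256-modp2048,aes128-sha1-modp2048!", WIN_MAIN_MODE))
```

An empty list from `matching_proposals` means none of the listed proposals covers the Windows MainMode set, which is the condition the NO_PROPOSAL_CHOSEN notify reports.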