I have configured a VPN gateway and a tunnel, but its not coming up getting below error.
charon: 13[IKE] no IKE config found for 10.0.1.211...125.17.97.4, sending NO_PROPOSAL_CHOSEN
Asked
Active
Viewed 2.5k times
1
-
and below is the config. config setup conn apigate-airtel-primary authby=secret keyexchange=ikev1 left=34.87.73.56 leftsubnet=35.240.245.123/32,35.187.234.149/32 leftid=@apigate right=125.17.97.4 rightsubnet=125.16.134.64/29 rightid=@airtel-primary pfs=yes ike=aes128-sha1-modp1024,3des-sha1-modp1024! esp=aes128-sha1,3des-sha1! type=tunnel ikelifetime=36600s keylife=10800s auto=start keyingtries=3 dpdaction=restart – GihanS Sep 05 '19 at 05:23
1 Answers
1
This indicates that there was no match between the algorithms configured on the pair of VPN gateways.
Please note that, In IKEv1, the set of algorithms must be a complete match. In IKEv2, there must be one common algorithm between the two configurations VPN Troubleshooting
a) You should configure:
keyexchange=ike for IKEv1 and IKEv2 support, but initiate with IKEv2.
b) Also, change the ikelifetimefor IKEv2=36000s (10 hrs). You can see all the parameters for VPNs in GCP Supported IKE ciphers
c) Also remember, EAP is not supported on Cloud VPN.
d) Finally a good guide for creating a VPN between GCP and Strongswan.VPN between strongSwan and Cloud VPN.
Good Luck!
Agustin E.
- 56
- 4
-
-
config setup charondebug="ike 3, mgr 3, chd 3, net 3" conn apigate-airtel-primary authby=psk auto=start dpdaction=hold esp=aes128-sha1-modp1024! forceencaps=yes ike=aes128-sha1-modp1024! keyexchange=ikev1 mobike=no type=tunnel left=34.87.6.243 leftid=@apigate leftsubnet=35.240.245.123/32,35.187.234.149/32 leftauth=psk leftikeport=4500 right=125.17.97.4 rightid=@airtel-primary rightsubnet=125.16.134.64/29 rightauth=psk rightikeport=4500 – GihanS Sep 06 '19 at 14:42
-
I suggested change the IKE version. You should configure: keyexchange=ike. – Agustin E. Sep 09 '19 at 14:15