Azure virtual gateway with ipsec strongswan in Linux ubuntu need proposal matching for child sa

Question

I configured ipsec.conf, restarted ipsec and made example-gateway up. I am presented with below message

received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ
configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ, ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256
no acceptable proposal found
failed to establish CHILD_SA, keeping IKE_SA
sending DELETE for ESP CHILD_SA with SPI c7945aeb

I followed instructions from microsoft document link about generating and installing VPN client profile

Kindly assist with correct values for this message in ipsec.conf file for ike and esp

I tried below input in ipsec.conf file conn block

        #ike=aes256-sha1-modp2048
        #esp=aes256-sha1-modp2048

I am only able to establish IKE_SA between my linux machine network IP address with azure gateway server suffixed with .vpn.azure.com

score 4 · Answer 1 · answered Jan 28 '22 at 12:30

4

adding line in conn block, from /etc/ipsec.conf, enabled child sa

         esp=aes256gcm16,aes128gcm16!

answered Jan 28 '22 at 12:30

Prakashsinha Bayas

512
8
18

Azure virtual gateway with ipsec strongswan in Linux ubuntu need proposal matching for child sa

1 Answers1