Reputation: 503
strongswan: 07[IKE] no IKE config found for , sending NO_PROPOSAL_CHOSEN
I have configured a VPN gateway and a tunnel, but its not coming up getting below error.
charon: 13[IKE] no IKE config found for 10.0.1.211...125.17.97.4, sending NO_PROPOSAL_CHOSEN
Upvotes: 2
Views: 33200
Answers (1)
Reputation: 56
This indicates that there was no match between the algorithms configured on the pair of VPN gateways.
Please note that, In IKEv1, the set of algorithms must be a complete match. In IKEv2, there must be one common algorithm between the two configurations VPN Troubleshooting
a) You should configure:
keyexchange=ike for IKEv1 and IKEv2 support, but initiate with IKEv2.
b) Also, change the ikelifetimefor IKEv2=36000s (10 hrs). You can see all the parameters for VPNs in GCP Supported IKE ciphers
c) Also remember, EAP is not supported on Cloud VPN.
d) Finally a good guide for creating a VPN between GCP and Strongswan.VPN between strongSwan and Cloud VPN.
Good Luck!
Upvotes: 1
Related Questions
- Unable to Setup an site-to-site vpn connection between strongswan and AWS VPN Gateway
- Changing VPN Parameter on GCP with CISCO ASA with IKEv2
- Site-to-site VPN on GCP using Strongswan
- Ipsec (strongswan) vpn not working properly with ubuntu 19.04 as client?
- Google VPN Classic to Fortigate Handshake Errors
- Google Cloud VPN error: peer didn't accept DH group MODP_1024, it requested MODP_1024
- Strongswan not establishing connection
- GCP IPSEC Issues
- How do I get Google Cloud VPN connected to Cisco ASA
- What Configuration Values are available for Google Cloud VPN using IKE v1?