IPSec AES256
-
It's a SuperMicro X7SPE-HF-D525 Atom-based board.
NoScript? Turn on JavaScript and reload.
I'll try but the other pull down works…
-
Strangely enough I changed browsers and and it let me choose 256. So thanks for the help on that.
Still getting the No Proposal error though. Any thoughts?
-
You probably have a mismatch. Check everything.
The only pulldowns that usually require javascript are the ones that change content when the other item is changed, as is the case with changing the algorithm presenting a specific selection of key lengths.
-
I am having the same problem something that started after I updated today.
-
FYI
I had that set previously
Kept getting message so blew awase phase II settings and tried again same issue.
Blew away Phase I and recreated I and II and this is the same message I am getting.
–--------------------------------------------
I did export of config to check and it looks correct.Might be something in the interface
-
What part about Only 128-bit AES can be used with glxsb accelerator is hard to understand?
-
I am having the same problem something that started after I updated today.
You had the problem before you upgraded actually. 2.2.1 enforces a proper configuration there. You have glxsb enabled, which means you cannot use AES > 128. If set to "auto", many times you'll end up using AES > 128 and have a broken VPN. I added that input validation so you can't configure something that's going to break with your glxsb card enabled.
-
My research has pointed that the NO_PROPOSAL_CHOSEN error is caused by an error in the Phase 2 settings. Is this a correct assumption?
-
Derelict The part where "glxsb" was not in my vocabulary. It is now. I didn't even know it was enabled on this box.
When you are right, you are right. This was old box, soon to be replaced by an APU, if they ever make it back into the USA. I did not catch it because we don't use accelerators. This old geode had it.
Thank you!
-
My research has pointed that the NO_PROPOSAL_CHOSEN error is caused by an error in the Phase 2 settings. Is this a correct assumption?
-
My research has pointed that the NO_PROPOSAL_CHOSEN error is caused by an error in the Phase 2 settings. Is this a correct assumption?
A mismatch of some sort, most likely it's something in P1.
-
My research has pointed that the NO_PROPOSAL_CHOSEN error is caused by an error in the Phase 2 settings. Is this a correct assumption?
It can be either Phase 1 or Phase 2. See https://doc.pfsense.org/index.php/IPsec_Troubleshooting for help interpreting the logs.
Best thing to do is set IKE SA, IKE Child SA, and Configuration Backend to Diag in the log settings, all others on Control, and have the remote end initiate.