IPsec VPN problems with AES128 and strongSwan VPN Client
-
So I have been playing with IPsec VPN to make sure it will be all good when we buy pfSense boxes for work.
I have followed this guide: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
Setting it to AES 256 works just fine, but 128 does not work. I just get a "Policy match error" from the Windows client, but I have set AES 128 in both Phase 1 and 2 (also tried with auto on Phase 2).
Is AES-128 not supported using this method?
Also, is https://play.google.com/store/apps/details?id=org.strongswan.android not working with this? Again, I followed the guide, but just get "Failed to establish VPN: User authentication failed."
Looking at the logs I get this on the Android app:
Phase 1 Hash Algorithm Mismatch
Initiator
charon: 10[ENC] parsed INFORMATIONAL_V1 request 2774552374 [ N(NO_PROP) ]
charon: 10[IKE] received NO_PROPOSAL_CHOSEN error notify
Am I missing something?
Running 2.4.2-RELEASE-p1
-
I was struggling with the same issue. If you haven't solved it yet, my suggestion:
At the VPN configuration -> Mobile Client try editing "Phase 1" -> "Phase 1 Proposal (Algorithms)" -> choose "DH Group" = 14 (2048 bits)
If you have already done so, change the logging level under "VPN" -> "IPSec" -> "Advanced Settings" to "Control". Afterwards you will probably find the error in the system logs -> IPsec.
Good luck and have fun!
Cheers
Pasco
-
For the details of the Windows VPN Client settings have a look here:
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
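Added example, not part of any post in this thread: once logging is raised as suggested above, a NO_PROPOSAL_CHOSEN failure can be narrowed down by comparing what the client offered with what the responder is configured to accept. The sketch below does that for IKE proposals; the log lines are constructed, and the "received proposals" / "configured proposals" line layout and the `explain_mismatch` helper are assumptions for illustration.

```python
import re

# Constructed responder-side sample; line layout is an assumption
# modelled on charon's CFG-level proposal logging.
SAMPLE_LOG = """\
charon: 10[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 10[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
charon: 10[IKE] received proposals unacceptable
charon: 10[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
"""
LINE = re.compile(r"\[CFG\] (received|configured) proposals: (.+)$")

def transform_type(name):
    """Bucket a transform by IKE transform type (heuristic on its name)."""
    if name.startswith("PRF_"):
        return "prf"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    if name.startswith("HMAC_") or "XCBC" in name or "CMAC" in name:
        return "integrity"
    return "encryption"

def parse_proposals(text):
    """'IKE:A/B/C, IKE:D/E' -> one {type: set(names)} dict per proposal."""
    proposals = []
    for item in text.split(","):
        _, _, transforms = item.strip().partition(":")
        by_type = {}
        for name in transforms.split("/"):
            by_type.setdefault(transform_type(name), set()).add(name)
        proposals.append(by_type)
    return proposals

def explain_mismatch(log):
    """Return {type: (offered, configured)} for types with no common transform.

    An empty intersection for any type guarantees that no proposal can match.
    """
    seen = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            seen[m.group(1)] = parse_proposals(m.group(2))
    gaps = {}
    if not {"received", "configured"} <= seen.keys():
        return gaps
    for t in ("encryption", "integrity", "prf", "dh"):
        offered = set().union(*(p.get(t, set()) for p in seen["received"]))
        configured = set().union(*(p.get(t, set()) for p in seen["configured"]))
        if offered and configured and not offered & configured:
            gaps[t] = (sorted(offered), sorted(configured))
    return gaps
```

For the constructed sample, the result flags both the encryption algorithm and the DH group, which is why changing only one of the two settings would still end in NO_PROPOSAL_CHOSEN.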