• 0 Votes
    4 Posts
    2k Views
    D

    Okay, I took jimp's advice, and after some struggling with syntax, I was able to get past the NO_PROP error (to run into a different error right behind it).

    Anyway, to help someone else with the NO_PROP error, I'll document what I did.

    I looked in the /var/etc/ipsec/swanctl.conf file on the Netgate 4100 and found these two lines:

    proposals = aes256-sha256-modp1024
    esp_proposals = aes256-sha1,aes256-sha256,aes256-sha384,aes256-sha512

    Note that the syntax is very different from what was shown in the log file, such as "AES_CBC_128".

    I copied these into the corresponding fields in the network-manager-strongswan VPN settings.

    On Ubuntu 22.04, it is in this location:

    VPN Settings > Identity tab > Algorithms at the bottom

    Check the box "Enable custom algorithm proposals"

    In the IKE text input, I put:

    aes256-sha256-modp1024

    In the ESP text input, I put:

    aes256-sha1;aes256-sha256;aes256-sha384;aes256-sha512

    NOTE THAT THE COMMAS WERE REPLACED WITH SEMICOLONS! This caused me a bit of frustration until I accidentally mouse-overed the input label and saw that it said the list must be semi-colon-separated.

    Anyway, with these changes, I now no longer get the NO_PROP error.

    Now, I get a missing public key on the SSL certificate. If I can't solve that, I'll start a new thread.

    Thanks, @jimp !
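
The comma-to-semicolon conversion described in the post above, as an added shell example that is not part of the original thread: it pulls `proposals` or `esp_proposals` out of swanctl.conf text and prints each distinct value in the semicolon-separated form the network-manager-strongswan fields expect. The sample config, its section names and the `nm_proposals` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample mirroring the two lines quoted in the post; the section
# names (connections, con-mobile, children) are assumptions for illustration.
sample_conf() {
cat <<'EOF'
connections {
    con-mobile {
        proposals = aes256-sha256-modp1024
        children {
            con-mobile {
                esp_proposals = aes256-sha1,aes256-sha256,aes256-sha384,aes256-sha512
            }
        }
    }
}
EOF
}

# nm_proposals KEY [FILE]: print each distinct value of KEY with commas turned
# into semicolons, one value per line. Reads stdin when FILE is omitted.
# Returns non-zero when KEY is not present, so a typo does not pass silently.
nm_proposals() {
    key=$1
    shift
    awk -v key="$key" '
        {
            line = $0
            sub(/#.*/, "", line)              # drop comments
            eq = index(line, "=")
            if (eq == 0) next                 # section headers, braces
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/[ \t]/, "", k)
            gsub(/[ \t"]/, "", v)
            # exact key match: "proposals" must not pick up "esp_proposals"
            if (k != key || v == "") next
            gsub(/,/, ";", v)
            if (!(v in seen)) { seen[v] = 1; print v; found = 1 }
        }
        END { exit !found }
    ' "$@"
}

# Demo on the constructed sample (IKE field, then ESP field).
sample_conf | nm_proposals proposals
sample_conf | nm_proposals esp_proposals
```

On the firewall itself the same function can be pointed at the real file, for example `nm_proposals esp_proposals /var/etc/ipsec/swanctl.conf`; with several tunnels configured it prints one line per distinct proposal set.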

  • 0 Votes
    8 Posts
    2k Views
    stephenw10

    Yes, I would definitely recommend that. If only because that's how virtually all networks with VLANs are set up and if you do something unusual like that you will hit unusual problems!
    Really the only reason to trunk tagged VLANs to a host is so that host can access multiple VLANs. So you might do that for a VM server or an access point with multiple SSIDs.

    Steve