IPsec VPN problems with AES128 and strongSwan VPN Client
vooze last edited by
So I have been playing with IPsec VPN to make sure it will be all good when we buy pfSense boxes for work.
I have followed this guide: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
Setting it to AES 256 works just fine, but 128 does not work. I just get a "Policy match error" from the windows client, but I have set AES 128 in both Phase 1 and 2 (also tried with auto on Phase 2)
Is AES-128 not supported using this method?
Also is https://play.google.com/store/apps/details?id=org.strongswan.android not working with this? again I followed the guide, but just get "Failed to establish VPN: User authentication failed."
Looking at the logs I get this on the Android app:
Phase 1 Hash Algorithm Mismatch
charon: 10[ENC] parsed INFORMATIONAL_V1 request 2774552374 [ N(NO_PROP) ]
charon: 10[IKE] received NO_PROPOSAL_CHOSEN error notify
Am I missing something?
pasco last edited by
I was struggling with the same issue. If you haven't solved it yet, my suggestion:
At the VPN configuration -> Mobile Client try editing "Phase 1" -> "Phase 1 Proposal (Algorithms)" -> choose "DH Group" = 14 (2048 bits)
If you already have so, change logging level under "VPN" -> "IPSec" -> "Advanced Settings" to "Control". Afterwards you will probably find out the error in the system logs -> IPsec.
Good luck and have fun!
lst_hoe last edited by
For the details of the Windows VPN Client settings have a look here: