Netgate Discussion Forum

    *SOLVED* Site to Site IPSec

      brcisna

      Hello All,
      –----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      SOLVED
      The fix for the IPsec failure below was adding a few more lines to the conn / ipsec.conf file that were not needed before on the Openswan end.

      ike=aes256-sha1
      phase2alg=aes256-sha1

      2 school buildings

      (1) pfSense 2.1.4
      (2) pfSense 2.2.4

      Since upgrading to pfSense-2.2.4-RELEASE at building (2), (1) & (2) still connect fine without any modifications to the IPsec config.

      The problem is on my home Debian Wheezy machine running openswan-2.6.x with a Site to Site VPN to each of these. My home connection to (1) is still AOK, but I cannot connect to the updated (2) for anything.

      Using PSK authentication for all connections mentioned here.

      Have battled this for a few hours and always end up with a "No_Proposal_Chosen" error on Openswan and a somewhat similar error in the pfSense 2.2.4 IPsec logs as well.

      Will I have to upgrade my Debian Wheezy machine to Strongswan 5.x to make this work? It seems versioning should be at least somewhat backward compatible.
      Have tried almost every conceivable variation on the Openswan and pfSense configuration, and it always ends up with "No_Proposal_Chosen".

      Was not able to find any updated Site to Site example in the How To's.

      Thank You,
      Barry
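
The fix in the post pins the IKE and phase 2 proposals with explicit `ike=` and `phase2alg=` lines in the Openswan conn. As an added example (not part of the original post), this Python check lists the conn sections of an ipsec.conf that still set neither or only one of them, taking `conn %default` and a single `also=` reference into account; the sample config, its conn names and its addresses are constructed.

```python
REQUIRED = ("ike", "phase2alg")  # the two lines the post had to add
# Constructed sample ipsec.conf: conn names and addresses are made up.
SAMPLE = """\
conn %default
    authby=secret

conn building1      # no explicit proposals
    right=198.51.100.1

conn pinned
    ike=aes256-sha1
    phase2alg=aes256-sha1

conn building2
    also=pinned
    right=198.51.100.2
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):
    """Settings for a conn: %default, then its also= target, then its own."""
    merged = dict(conns.get("%default", {}))
    target = conns[name].get("also")
    if target in conns and target not in seen:
        merged.update(effective(conns, target, seen + (name,)))
    merged.update(conns[name])
    return merged

def missing_proposals(text):
    """Map each conn to the REQUIRED keys it lacks, omitting clean conns."""
    conns = parse_conns(text)
    gaps = {n: [k for k in REQUIRED if k not in effective(conns, n)]
            for n in conns if n != "%default"}
    return {n: g for n, g in gaps.items() if g}
```

Calling `missing_proposals(open("/etc/ipsec.conf").read())` on the Openswan host gives the conns to review before the remote end is upgraded.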
