*SOLVED* Site to Site IPSec



  • Hello All,
    ------------------------------------------------------------

    SOLVED
    The fix for the IPsec failure below was adding a few more lines to the conn / ipsec.conf file that were not needed before on the Openswan end.

    ike=aes256-sha1
    phase2alg=aes256-sha1

    2 school buildings

    (1) pfSense 2.1.4
    (2) pfSense 2.2.4

    Since upgrading to pfSense-2.2.4-RELEASE at building (2), (1) & (2) still connect fine without any modifications to the IPsec config.

    The problem is on my home Debian Wheezy machine running openswan-2.6.x with a Site to Site VPN to each of these. My home connection to (1) is still AOK, but I cannot connect to the updated (2) for anything.

    Using PSK authentication for all connections mentioned here.

    Have battled this for a few hours and always end up with a "No_Proposal_Chosen" error on Openswan and a somewhat similar error in the pfSense 2.2.4 IPsec logs as well.

    Will I have to upgrade my Debian Wheezy machine to Strongswan 5.x to make this work? It seems versioning should be at least somewhat backward compatible.
    Have tried almost every conceivable variation on the Openswan and pfSense configuration, and it always ends up at "No_Proposal_Chosen".

    Was not able to find any updated Site to Site example in the How To's.

    Thank You,
    Barry
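
Added example (not part of the original post): a small check that lists which conn sections of an Openswan ipsec.conf leave ike= and phase2alg= unset, the two settings the fix above pins explicitly. The conn names and addresses in the sample are constructed placeholders, and `also=` includes are not followed.

```python
# Added example: report conn sections that do not pin IKE (phase 1) and
# ESP (phase 2) proposals with ike= and phase2alg=.
REQUIRED = ("ike", "phase2alg")

# Constructed sample; conn names and addresses are placeholders.
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn building1
    authby=secret
    left=192.0.2.10
    right=198.51.100.1

conn building2
    authby=secret
    left=192.0.2.10
    right=203.0.113.1
    ike=aes256-sha1
    phase2alg=aes256-sha1
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line:
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def missing_proposals(text):
    """Map each conn to the proposal keys it leaves to implicit defaults."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})          # conn %default applies to all
    report = {}
    for name, opts in conns.items():
        gaps = [k for k in REQUIRED if not {**defaults, **opts}.get(k)]
        if gaps:
            report[name] = gaps
    return report

if __name__ == "__main__":
    for name, gaps in missing_proposals(SAMPLE_CONF).items():
        print(f"conn {name}: no explicit {', '.join(gaps)}")
```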

