Help with LibreSwan

Posted: 2020/12/16 19:27:04
by UnoQualsiasi

I don't understand why LibreSwan on CentOS 8 is not able to connect to my firewall in IKEv2.
On Ubuntu 18.04 the same configuration works; on CentOS I always get "NO_PROPOSAL_CHOSEN".

I can make all the changes that I want in the conf but nothing changes.


conn test_vpn
    left= #(LibreSwan Server)
    leftsubnet= #(LibreSwan network)
    leftid= #(Firewall Public IP)
    right= #(SonicWall Public IP)
    rightsubnet= #(SonicWall X0 Subnet)
    rightid= #(SonicWall Public IP)
    ike=3des-sha256-modp2048 #(Phase 1 - on SonicWall 3DES - SHA256 - DH 14)
    ikelifetime=28800s #(Lifetime 28800)
    phase2=esp # (Phase 2)
    phase2alg=aes256-sha256 #(on SonicWall - ESP - AES-256 SHA256)
    salifetime=28800s #(Lifetime 28800)
    pfs=no #(no PFS)

ipsec.secrets : PSK "pre-shared key"

Re: Help with LibreSwan

Posted: 2020/12/17 05:45:40
by TrevorH
RHEL/CentOS 8 has turned off a lot of insecure security algorithms. Make sure that crypto-policies-scripts is installed then use update-crypto-policies (read the man page before you try to run it!) and set it to LEGACY and see if that helps.
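
Added example, not written by either poster: a shell function that lists which algorithms in a conn's ike=, esp= or phase2alg= lines appear on a legacy list, run here on the proposal lines from the conn posted above. The function names and the LEGACY_ALGS list are assumptions made for illustration; the list is not the contents of any crypto-policies profile.

```shell
#!/bin/sh
# Illustrative list of legacy algorithm names (an assumption for this
# example, not taken from any crypto-policies profile).
LEGACY_ALGS="3des md5 sha1 modp1024 modp1536 dh2 dh5"

# Read ipsec.conf-style text on stdin and print "<keyword>:<algorithm>"
# for every legacy algorithm found in an ike=, esp= or phase2alg= line.
audit_proposals() {
    sed -e 's/#.*$//' |                       # strip trailing comments
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        case "$key" in
            ike|esp|phase2alg) ;;
            *) continue ;;
        esac
        # Proposals are separated by ","; algorithms inside one proposal
        # are joined by "-", "+" or ";". Split them into single tokens.
        for alg in $(printf '%s' "$value" | tr 'A-Z' 'a-z' | tr ',+;-' '    '); do
            for weak in $LEGACY_ALGS; do
                if [ "$alg" = "$weak" ]; then
                    printf '%s:%s\n' "$key" "$alg"
                fi
            done
        done
    done
}

# Proposal lines copied from the conn in the first post (addresses omitted).
sample_conn() {
    cat <<'EOF'
conn test_vpn
    ike=3des-sha256-modp2048 #(Phase 1 - on SonicWall 3DES - SHA256 - DH 14)
    phase2=esp # (Phase 2)
    phase2alg=aes256-sha256 #(on SonicWall - ESP - AES-256 SHA256)
    pfs=no #(no PFS)
EOF
}

sample_conn | audit_proposals
```

On the host itself, `update-crypto-policies --show` prints the system-wide policy currently in effect, which is worth recording before changing it.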