Help with LibreSwan

Posted: 2020/12/16 19:27:04
by UnoQualsiasi
Hello,

I don't understand why LibreSwan on CentOS 8 is not able to connect to my firewall using IKEv2.
On Ubuntu 18.04 the same configuration works; on CentOS I always get "NO_PROPOSAL_CHOSEN".

I can make all the changes I want in the conf, but nothing changes.

ipsec.conf

conn test_vpn
    left=192.168.168.100 #(LibreSwan Server)
    leftsubnet=192.168.168.0/24 #(LibreSwan network)
    leftid=192.168.0.158 #(Firewall Public IP)
    right=192.168.0.104 #(SonicWall Public IP)
    rightsubnet=10.10.0.0/16 #(SonicWall X0 Subnet)
    rightid=192.168.0.104 #(SonicWall Public IP)
    keyingtries=0
    authby=secret
    ike=3des-sha256-modp2048 #(Phase 1 - on SonicWall 3DES - SHA256 - DH 14)
    ikelifetime=28800s #(Lifetime 28800)
    keyexchange=ike
    phase2=esp # (Phase 2)
    phase2alg=aes256-sha256 #(on SonicWall - ESP - AES-256 SHA256)
    salifetime=28800s #(Lifetime 28800)
    ikev2=insist
    pfs=no #(no PFS)
    auto=add

ipsec.secrets

192.168.0.158 192.168.0.104 : PSK "pre-shared key"

Re: Help with LibreSwan

Posted: 2020/12/17 05:45:40
by TrevorH
RHEL/CentOS 8 has turned off a lot of insecure security algorithms. Make sure that crypto-policies-scripts is installed then use update-crypto-policies (read the man page before you try to run it!) and set it to LEGACY and see if that helps.
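
An added example, not part of either post: a small Python check that parses a conn section like the one posted above and reports which ike=/esp=/phase2alg= tokens fall on a legacy list. The LEGACY set and all function names are assumptions for illustration; the authoritative list is whatever the active system crypto policy permits.

```python
import re

# Assumption: tokens treated as legacy for this illustration only. This is
# not the content of any CentOS crypto policy file.
LEGACY = {"3des", "des", "md5", "modp1024", "modp1536", "dh2", "dh5"}

# Constructed sample: the proposal-related lines of the conn posted above.
SAMPLE_CONN = """\
conn test_vpn
    ike=3des-sha256-modp2048 #(Phase 1 - on SonicWall 3DES - SHA256 - DH 14)
    phase2=esp # (Phase 2)
    phase2alg=aes256-sha256 #(on SonicWall - ESP - AES-256 SHA256)
    ikev2=insist
    pfs=no #(no PFS)
"""


def parse_conn(text):
    """Return {option: value} for one conn section, dropping inline # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts


def legacy_tokens(proposal):
    """Split a proposal string (cipher-integ-group, with + , ; separators)
    into algorithm tokens and return the ones found in LEGACY, sorted."""
    tokens = re.split(r"[-+,;\s]+", proposal.lower())
    return sorted({t for t in tokens if t in LEGACY})


def audit(text):
    """Map each proposal option to the legacy tokens it contains."""
    opts = parse_conn(text)
    findings = {}
    for key in ("ike", "esp", "phase2alg"):
        hits = legacy_tokens(opts.get(key, ""))
        if hits:
            findings[key] = hits
    return findings


if __name__ == "__main__":
    for option, hits in audit(SAMPLE_CONN).items():
        print(f"{option}: legacy algorithm(s) {', '.join(hits)}")
```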