Help with LibreSwan


Help with LibreSwan

Post by UnoQualsiasi » 2020/12/16 19:27:04


I do not understand why LibreSwan on CentOS 8 is not able to connect to my firewall in IKEv2.
On Ubuntu 18.04 the same configuration works; on CentOS I always get "NO_PROPOSAL_CHOSEN".

I can make all the changes that I want in the conf but nothing changes.


conn test_vpn
    left= #(LibreSwan Server)
    leftsubnet= #(LibreSwan network)
    leftid= #(Firewall Public IP)
    right= #(SonicWall Public IP)
    rightsubnet= #(SonicWall X0 Subnet)
    rightid= #(SonicWall Public IP)
    ike=3des-sha256-modp2048 #(Phase 1 - on SonicWall 3DES - SHA256 - DH 14)
    ikelifetime=28800s #(Lifetime 28800)
    phase2=esp # (Phase 2)
    phase2alg=aes256-sha256 #(on SonicWall - ESP - AES-256 SHA256)
    salifetime=28800s #(Lifetime 28800)
    pfs=no #(no PFS)

ipsec.secrets : PSK "pre-shared key"


Re: Help with LibreSwan

Post by TrevorH » 2020/12/17 05:45:40

RHEL/CentOS 8 has turned off a lot of insecure security algorithms. Make sure that crypto-policies-scripts is installed then use update-crypto-policies (read the man page before you try to run it!) and set it to LEGACY and see if that helps.
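A read-only check that can be run before changing the system-wide policy, as an added example that is not part of the thread: it lists the tokens in a conn's ike=, esp= and phase2alg= lines that appear on a short weak-algorithm list, so they can be reviewed on both peers. The list, the function names and the sample text are assumptions made for this example; the list is illustrative and is not read from the CentOS policy.

```shell
#!/bin/sh
# Added example, not from the thread.
# WEAK_TOKENS is an illustrative list chosen for this example (assumption);
# it is not the content of any crypto-policies file.
WEAK_TOKENS="3des des md5 modp1024 modp1536"

# Constructed sample: the proposal lines of the conn posted above.
SAMPLE_CONN='conn test_vpn
    ike=3des-sha256-modp2048 #(Phase 1)
    phase2alg=aes256-sha256 #(Phase 2)
    pfs=no'

# Read conn text on stdin and print "<key>:<token>" for every token in an
# ike=, esp= or phase2alg= line that is on WEAK_TOKENS.
flag_weak_tokens() {
    # Drop trailing comments and all whitespace so only key=value remains.
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' |
    while IFS= read -r line; do
        case "$line" in
            ike=*|esp=*|phase2alg=*) ;;
            *) continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        # Proposals are separated by "," and algorithms by "-", "+" or ";".
        for token in $(printf '%s' "$value" | tr '+;,-' '    '); do
            for weak in $WEAK_TOKENS; do
                if [ "$token" = "$weak" ]; then
                    printf '%s:%s\n' "$key" "$token"
                fi
            done
        done
    done
}

# Print the active system-wide policy name when the tool from
# crypto-policies-scripts is installed; this only reads the setting.
current_policy() {
    if command -v update-crypto-policies >/dev/null 2>&1; then
        update-crypto-policies --show
    else
        echo "unknown"
    fi
}
```

To check a real file, pipe it in, for example `flag_weak_tokens < my-conn.conf` (hypothetical file name).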
