NO_PROPOSAL_CHOSEN | IPSec eap-mschapv2 roadwarrior config

Started by ymcawoohoo, February 21, 2024, 01:50:34 PM

February 21, 2024, 01:50:34 PM Last Edit: February 22, 2024, 09:54:13 AM by ymcawoohoo
Hi,

I can't get an IPSec connection working via the new connection tab. At the moment I always get the following errors in the OPNsense log:

2024-02-22T09:38:17   Informational   charon   09[ENC] <1> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]   
2024-02-22T09:38:17   Informational   charon   09[IKE] <1> no IKE config found for 10.246.42.10...redacted, sending NO_PROPOSAL_CHOSEN   
2024-02-22T09:38:17   Informational   charon   09[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]

Using a working legacy config these are the proposals chosen by the clients:

AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_4096

ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ

So in the new connection tab I offer aes256-sha384-modp4096 (DH group 16) as phase 1 proposal and aes256-sha25 + dh groups 14/16 + aes256-sha256-no dh group for phase 2.

In the working legacy con I also get packets requesting certain proposals in case I don't propose them, however I don't get them now.

What is my configuration error?