Join Log in
Score:2
T3.0 avatar Server

what is the proposal string for aes-gem256 deffie helman group 20, esp

co flag
T3.0

As a developer tasked with connecting to a vpn without preconfigured profile scripts, i'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal string" message in my syslog after I launch the strongswan-starter service.

The administrator hosting the VPN has only provided a limited set of parameters and the connection profile is not available for download.

What is the correct proposal string to put in my ipsec.conf for connecting to a system that has the following parameters:

Phase 1 Transform: AES-GCM (256 bits)
Phase 1 Key Group: Diffie-Hellman Group20
Phase 2 IPSec Proposal: ESP-AES256-GCM
Phase 2 Perfect Forward Secrecy: Diffie-Hellman Group20

My ipsec.conf

conn PHS
     leftsubnet=x.x.x.x/25
     authby=secret
     ike=aes256gmac;ecp384
     right=x.x.x.x
     rightid=x.x.x.x
     leftid=GH_Remote

client: ubuntu 22 server (headless) host: ikev2 watchguard vpn

44
1 + 0
Score:0
Fergus avatar Server
us flag
Fergus

A short stab at it; maybe this:

conn PHS
leftsubnet=x.x.x.x/25
authby=secret
ike=aes256gcm128-ecp384!
esp=aes256gcm128-ecp384!
right=x.x.x.x
rightid=x.x.x.x
leftid=GH_Remote
keyexchange=ikev2

The exclamation mark at the end forces this proposal string.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.