[Openswan Users] Key replaceing

Paul Wouters paul at xelerance.com
Sun Dec 9 16:27:12 EST 2007

On Mon, 10 Dec 2007, Christian Herzberg wrote:

> > The other end will have a log entry saying "sending informational payload
> > NO_PROPOSAL_CHOSEN". The line before that should be the reason why it
> > didnt pick the proposal.
> Hi Paul,
> I found the log of my Linksys WRV200. This is what it is saying.
> 1616   [Fri 19:21:16]  "TunnelA" #8027: IPsec Transform [ESP_AES (128),
> AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag

So it seems it is refusing the proposal esp=aes,sha1. this is part of
the list of default proposals of Openswan. You might want to change
that setting on the linksys, or match what it wants precisely on the
openswan side, eg  esp=3des,md5 or something.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list