> Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Sending
> Informational Exchange: notify
> payload[ATTRIBUTES-NOT-SUPPORTED]
> Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] ERROR: mismatched ID
> was returned.
I suppose this means it doesn't like the returned subnets.
Your sha256 clue fixed the tonyhome connection. Thanks.
But although your suggestion of esp=3des-sha1-modp1024 overcame the
NO_PROPOSAL_CHOSEN hurdle, it still isn't working:
On the Strongswan side I see:
Jul 10 08:43:35 powerwall-34 charon: 08[NET] received packet: from
173.49.3.210[500] to
Hi,
> Jul 9 19:24:05 powerwall-34 charon: 04[CFG] received proposals:
> ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
> Jul 9 19:24:05 powerwall-34 charon: 04[CFG] configured proposals:
> ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
>
I had a Strongswan 4.5.2 working great on Linux for several
years. Yesterday when I upgraded to 5.2.1 (Using Debian Jessie / 8.11),
too much changed.
I got the phase 1 authentication working again.
I've narrowed down the problems with phase two to the encryption
protocols.
What is needed to