> >>>> Feb 6 21:47:42 test2 pluto[1]: "vpn-ikev2-crt"[32] x.x.x.x #320: > >>>> 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-MODP2048-ENABLED+DISABLED > >> > >> so we received a proposal like: esp=aes_gcm128,aes_gcm256 with DH14 > >> > >> but your esp= line does not seem to allow this. It means you have > >> a non-default esp= line that doesn't include what windows wants. > > > > I don't have an esp= configured and I am using Libreswan 4.12 on alpine > > Then the above proposal should already be included in the default? > > Is this happening on rekeys? Windows did have various bugs related to > rekeying, so if that's the case, try adding ms-dh-downgrade=yes >
running now with ms-dh-downgrade=yes looks better. _______________________________________________ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan
