Thanks Tobias for the quick response. I set this up, the Registry value and below configuration, but still the same error.
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=102.1*9.2*9.**
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
    ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha256,aes256-sha1,3des-sha1!

Thanks a lot

On Wed, Feb 13, 2019 at 5:45 PM Tobias Brunner <tob...@strongswan.org> wrote:

> Hi Moses,
>
> Configure an IKE proposal that's accepted by your peer (you disabled log
> message for cfg, so you didn't see the details of the proposal
> negotiation). Most likely the problem is that modp1024 is proposed, a
> DH group strongSwan doesn't include in its default IKE proposal anymore.
> So to use it, IKE proposals have to be configured explicitly. Also see
> [1] for information on how to get Windows to use at least modp2048.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
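
Added example, not part of the original thread and not strongSwan code: a small Python check that reads the ike= line of an ipsec.conf conn section like the one posted above and reports proposals whose MODP group is smaller than modp2048, the minimum mentioned in the quoted reply. The function names and the reduced sample configuration are assumptions made for this illustration.

```python
import re

# Constructed sample: the conn section posted above, reduced to the relevant keys.
SAMPLE_CONF = """\
conn ikev2-vpn
    keyexchange=ikev2
    ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha256,aes256-sha1,3des-sha1!
"""

MIN_MODP_BITS = 2048  # threshold taken from the "at least modp2048" advice


def parse_proposals(conf_text, key="ike"):
    """Return {conn_name: (strict, [proposal, ...])} for the given key."""
    found, conn = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            conn = header.group(1)
            continue
        name, sep, value = line.partition("=")
        if conn and sep and name.strip() == key:
            value = value.strip()
            strict = value.endswith("!")  # "!" restricts to the listed proposals
            props = [p.strip() for p in value.rstrip("!").split(",") if p.strip()]
            found[conn] = (strict, props)
    return found


def modp_bits(proposal):
    """Size of the MODP group named in a proposal, or None if it names none."""
    m = re.search(r"(?:^|-)modp(\d+)(?:-|$)", proposal)
    return int(m.group(1)) if m else None


def audit_dh(conf_text):
    """Return (proposals below the minimum, conns that offer nothing else)."""
    weak, strict_only = [], []
    for conn, (strict, proposals) in parse_proposals(conf_text).items():
        small = [(conn, p, modp_bits(p)) for p in proposals
                 if modp_bits(p) is not None and modp_bits(p) < MIN_MODP_BITS]
        weak.extend(small)
        if strict and proposals and len(small) == len(proposals):
            strict_only.append(conn)  # no larger group can be negotiated
    return weak, strict_only


if __name__ == "__main__":
    print(audit_dh(SAMPLE_CONF))
```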