[Pkg-swan-devel] strongswan-starter: received NO_PROPOSAL_CHOSEN error notify

Andreas Tscharner andy at stupidmail.ch
Wed Sep 3 10:28:25 BST 2025 

Hi Yves-Alexis,

Sorry for the delay!

On 27.08.25 08:46, Yves-Alexis Perez wrote:
> control: tag -1
> 
> On Wed, 2025-08-27 at 08:07 +0200, Andreas Tscharner wrote:
>> After an update from 6.0.1 to 6.0.2 this morning I can no longer create
>> my VPN tunnel with Strongswan. I get the message "received
>> NO_PROPOSAL_CHOSEN error notify". I could connect with the exact same
>> configuration yesterday evening.
>> Is this a bug or are there certain encryption methods that have been
>> removed (I haven't seen anything in the changelog though).
> 
> Hi Andreas,
> 
> thanks for the report but we'll need a bit more information I guess. The
> changelog for 6.0.2 is available at
> https://github.com/strongswan/strongswan/releases/tag/6.0.2 can you check if
> something rings a bell wrt. your setup?
> 
> I assume you're running sid/unstable on this box? Can you check what actually
> changed on the install besides strongSwan (looking at apt/dpkg logs for
> example). And can you compare the strongSwan logs between the working and non
> working situations?
> 
> Also make sure nothing changed on the remote side?

As it turned out, it was my configuration that worked with 6.0.1, but 
does no longer with 6.0.2.
I had in my ipsec.conf

         ike=3des-md5-modp1024
         esp=3des-md5

This worked for 6.0.1; for 6.0.2 I had to add an exclamation mark

         ike=3des-md5-modp1024!
         esp=3des-md5!

It now works for 6.0.2

Thanks and best regards
	Andreas
-- 
       ("`-''-/").___..--''"`-._
        `o_ o  )   `-.  (     ).`-.__.`)
        (_Y_.)'  ._   )  `._ `. ``-..-'
      _..`--'_..-_/  /--'_.' .'
     (il).-''  (li).'  ((!.-'

Andreas Tscharner  andy at stupidmail.ch   Instagram: starfire_75

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x77A89C97E3D3B12F.asc
Type: application/pgp-keys
Size: 14863 bytes
Desc: OpenPGP public key
URL: <http://alioth-lists.debian.net/pipermail/pkg-swan-devel/attachments/20250903/da8765cb/attachment.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-swan-devel/attachments/20250903/da8765cb/attachment.sig>

More information about the Pkg-swan-devel mailing list