IPSec vpn fails with encryption transform rejected on CentOS 7 Libreswan


Post by shovas » 2017/05/28 16:47:09

EDIT: Added some context below about settings on the router and in the vpn client that work elsewhere (just not CentOS Libreswan).

How should I fix this error from pluto when connecting to IPSec VPN in CentOS 7?

May 27 22:33:22 localhost pluto[19657]: "f3a020a3-0d8d-48ff-a70a-9b9a72e9581f" #34: XAUTH: Successfully Authenticated
May 27 22:33:22 localhost pluto[19657]: "f3a020a3-0d8d-48ff-a70a-9b9a72e9581f" #34: modecfg: Sending IP request (MODECFG_I1)
May 27 22:33:26 localhost pluto[19657]: "f3a020a3-0d8d-48ff-a70a-9b9a72e9581f" #34: the peer proposed: 192.168.12.102/32:0/0 -> 10.0.0.0/8:0/0
May 27 22:33:26 localhost pluto[19657]: "f3a020a3-0d8d-48ff-a70a-9b9a72e9581f" #35: IPsec encryption transform rejected: encryption alg not present in kernel

Googling finds very few results for that last error message.

Our office uses a DSR-250N with IPSEC VPN set up and working successfully for Shrew Soft VPN on Windows *and* CentOS 5. I'm trying to migrate to CentOS 7 and I need VPN to work.

The DSR-250 IPSEC VPN is set up with Phase 1 Main/DH Group2/Cipher Algo 3des/Hash Algo md5 and Phase 2 Transform Algo 3des/HMAC Algo md5. These work on Windows and CentOS5 using Shrew Soft VPN but not on CentOS7 Libreswan.

On CentOS7 Libreswan I've tried Phase 1/2 algorithms as blank and with different permutations of what we support: 3des/aes128/192/256 and md5, sha1, sha2-224/256/384/512.

Thank you,


Re: IPSec vpn fails with encryption transform rejected on CentOS 7 Libreswan

Post by shovas » 2017/05/30 16:10:55

This seems to have been incorrect ike= and phase2alg= value formatting with quoting/not-quoting. The values that got past this issue were ike=3des-md5 and phase2alg=3des-md5 in the KDE Network Connection Manager > VPN.
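
An added example, not part of the original posts and not Libreswan's own code: a small checker for the ike= and phase2alg= strings discussed in this thread. It assumes quote characters typed into a connection-editor field are passed through literally (the thread does not say which way the quoting mistake went), and it also flags 3des, md5 and modp1024 (DH group 2) as legacy algorithms. The function names and the sample settings are constructed for illustration.

```python
import re

# Assumption: quote characters typed into a GUI field become part of the value.
QUOTES = "\"'\u201c\u201d\u2018\u2019"
# Legacy algorithms named in the thread (3des, md5; DH group 2 is modp1024).
LEGACY = {"3des", "md5", "modp1024"}
KEYS = ("ike", "phase2alg", "esp")

def check_value(raw):
    """Return (cleaned_value, findings) for one proposal string."""
    findings = []
    value = raw.strip()
    if value != raw:
        findings.append("surrounding whitespace")
    if any(ch in QUOTES for ch in value):
        findings.append("quote characters")
        value = "".join(ch for ch in value if ch not in QUOTES).strip()
    # A blank value means "use defaults", so there is nothing to split.
    for proposal in (value.split(",") if value else []):
        tokens = [t for t in re.split(r"[-;]", proposal.strip().lower()) if t]
        if not tokens:
            findings.append("empty proposal")
        findings += [f"legacy algorithm: {t}" for t in tokens if t in LEGACY]
    return value, findings

def lint(text):
    """Check every ike=/phase2alg=/esp= line; return {key: (cleaned, findings)}."""
    report = {}
    for line in text.splitlines():
        key, sep, raw = line.partition("=")
        if sep and key.strip() in KEYS:
            report[key.strip()] = check_value(raw)
    return report

# Constructed sample settings, not taken from the poster's machine.
SAMPLE = 'ike="3des-md5"\nphase2alg= 3des-md5\nright=203.0.113.10\n'

if __name__ == "__main__":
    for key, (cleaned, findings) in lint(SAMPLE).items():
        print(f"{key}={cleaned!r}: {', '.join(findings) or 'ok'}")
```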
