strongSwan

= strongSwan User Documentation =

== Features ==

  * [wiki:VirtualIp Virtual IP] via mode-config (IKEv1) or configuration payload (IKEv2)

  * [wiki:NatTraversal NAT Traversal]

  * [wiki:MobIke MOBIKE]

== Configuration ==

  * [wiki:IpsecConf ipsec.conf]

  * [wiki:IpsecSecrets ipsec.secrets]

  * [wiki:IpsecDirectory ipsec.d]

== Interoperability ==

 * [wiki:WindowsVista Windows Vista]

== FAQ ==

'''Q:''' ''I'm trying to set up a VPN tunnel with a ZyXELL/Linksys/X router but the other side keeps on telling me "no proposal chosen" when strongSwan initiates the connection.''

'''A:''' Make sure that the peer supports all the algorithms (including the key lengths) which strongSwan proposes for IKE and ESP. In terms of IKE, the proposal consists of the following parts: Encryption algorithm, hash algorithm (PRF) and DH group. In terms of ESP the proposal includes the following: Encryption algorithm, hash algorithm, pfs group (DH group) and '''compression algorithm'''. There are lots of IPSec implementations out there that do '''not''' support compression or have implemented it erronously. So the first thing to try in this situation is to switch compression off on the peer. strongSwan's default setting is

{{{

compress=no

}}} 

See also Chapter [http://www.strongswan.org/docs/readme4.htm#section_14.1 14.1 Authentication and encryption algorithms] of the strongSwan documentation. It has good information about the relevant parameters.