strongSwan

= strongSwan User Documentation =

Features * [wiki:VirtualIp Virtual IP] via mode-config (IKEv1) or configuration payload (IKEv2) * [wiki:NatTraversal NAT Traversal] * [wiki:MobIke MOBIKE]

=== FAQ ===

'''Q:''' I'm trying to set up a VPN tunnel with a ZyXELL/Linksys/X router but the other side keeps on telling me '''"no proposal chosen"''' when strongSwan initiates the conneciton.

'''A:''' Make sure that the peer supports all the algorithms (including the key lengths) which strongSwan proposes for IKE and ESP. In terms of IKE, the proposal consists of the following parts: Encryption algorithm, hash algorithm (PRF) and dh group. In terms of ESP the proposal includes the following: Encryption algorithm, hash algorithm, pfs group (dh group) and '''compression algorithm'''. There are lots of IPSec implementations out there that do '''not''' support compression. So the first thing to try in this situation is to switch compression off by using the ''compress'' parameter: {{{
compress=no
}}}
See also Chapter [http://www.strongswan.org/docs/readme4.htm#section_14.1 14.1 Authentication and encryption algorithms] of the strongSwan documentation. It has good information about the relevant parameters.

=== Interoperability ===