@
wzxjohn 请问一下 我按照这个配置 连接 IOS8 手机也安装了ca clinet 证书
但服务器输出
Aug 12 11:31:12 localhost strongswan: 16[IKE] 223.223.193.58 is initiating an IKE_SA
Aug 12 11:31:12 localhost strongswan: 16[IKE] IKE_SA (unnamed)[7] state change: CREATED => CONNECTING
Aug 12 11:31:12 localhost strongswan: 16[CFG] selecting proposal:
Aug 12 11:31:12 localhost strongswan: 16[CFG] no acceptable ENCRYPTION_ALGORITHM found
Aug 12 11:31:12 localhost strongswan: 16[CFG] selecting proposal:
Aug 12 11:31:12 localhost strongswan: 16[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Aug 12 11:31:12 localhost strongswan: 16[CFG] selecting proposal:
Aug 12 11:31:12 localhost strongswan: 16[CFG] proposal matches
Aug 12 11:31:12 localhost strongswan: 16[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 12 11:31:23 localhost charon: 05[JOB] deleting half open IKE_SA after timeout
Aug 12 11:31:23 localhost charon: 05[IKE] IKE_SA (unnamed)[6] state change: CONNECTING => DESTROYING
Aug 12 11:31:42 localhost charon: 02[JOB] deleting half open IKE_SA after timeout
Aug 12 11:31:42 localhost charon: 02[IKE] IKE_SA (unnamed)[7] state change: CONNECTING => DESTROYING
是 这个 no acceptable ENCRYPTION_ALGORITHM found 导致 没有连接的原因吗?
附上我的ipsec.conf
conn %default
keyexchange=ikev2
dpdaction=clear
dpddelay=5s
#auto destroy unused connections
rekey=no
left=%any
leftsubnet=0.0.0.0/0
leftcert=serverCert.pem
#server cert that will send to client
leftsendcert=always
#always send server cert
#not set may cause cert failed
right=%any
rightdns=8.8.8.8,8.8.4.4
#DNS send to client
rightsourceip=172.0.0.0/24
#DHCP Pool for client
conn IPSec-IKEv2
keyexchange=ikev2
leftid=106.187.42.230
#your servr name in cert "server.pem"
rightid=*@106.187.42.230
#define a suffix for user account
auto=add
conn IPSec-IKEv2-EAP
also="IPSec-IKEv2"
rightauth=eap-mschapv2
#define auth type to EAP
rightsendcert=never
#do not need client cert
eap_identity=%any
#any user can login successfully