Undocumented IPsec message types??


I have a RHEL 7.0 system that acts as a firewall and authentication server for a small LAN (64 nodes).

We have a requirement for employees and customers to be able to log in to the LAN remotely.

I have a test scenario using a Windows 7 client system that has a VPN client built into the Windows 7 OS.

Both sides are configured to use X.509 certificates and IKEv2. Additionally, users will be required to log in once the VPN connection is established.

I've gotten the following error messages whenever the Windows 7 client tries to establish an IKEv2 VPN connection.
packet from 107.223.51.250:500: initial parent SA message received on 69.54.99.132:500 but no connection has been authorized with policy=IKEV2_ALLOW
packet from 107.223.51.250:500: sending unencrypted notification v2N_NO_PROPOSAL_CHOSEN to 107.223.51.250:500
packet from 107.223.51.250:500: initial parent SA message received on 69.54.99.132:500 but no connection has been authorized with policy=IKEV2_ALLOW
packet from 107.223.51.250:500: sending unencrypted notification v2N_NO_PROPOSAL_CHOSEN to 107.223.51.250:500
packet from 107.223.51.250:500: initial parent SA message received on 69.54.99.132:500 but no connection has been authorized with policy=IKEV2_ALLOW
packet from 107.223.51.250:500: sending unencrypted notification v2N_NO_PROPOSAL_CHOSEN to 107.223.51.250:500

IKEV2_ALLOW and v2N_NO_PROPOSAL_CHOSEN appear to be message-type strings, probably assigned some numeric value.
However, there's no documentation that I can find that relates these message types to a parameter or set of parameters in the ipsec.conf file.
Anyone have a "clue" as to how I can find out more about these message types? I've tried the Libreswan and strongSwan websites, but no joy.

Best Regards

Guy
