PRE-TEST

carol# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...

moon# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...

carol# sleep 2

carol# ipsec up home
002 "home" #1: initiating Main Mode
104 "home" #1: STATE_MAIN_I1: initiate
010 "home" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "home" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "home" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message


TEST

carol# ipsec status | grep 'home.*STATE_MAIN_I4.*ISAKMP SA established' [NO]

moon# ipsec status | grep 'rw.*STATE_MAIN_R3.*ISAKMP SA established' [NO]

carol# cat /var/log/auth.log | grep 'NO_PROPOSAL_CHOSEN' [YES]
Jul 20 14:41:01 carol pluto[11569]: packet from 192.168.0.1:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jul 20 14:41:11 carol pluto[11569]: packet from 192.168.0.1:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jul 20 14:41:31 carol pluto[11569]: packet from 192.168.0.1:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN

moon# cat /var/log/auth.log | grep 'Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag' [YES]
Jul 20 14:41:01 moon pluto[13516]: "rw"[1] 192.168.0.100 #1: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA, OAKLEY_GROUP_MODP1536] refused due to strict flag
Jul 20 14:41:01 moon pluto[13516]: "rw"[1] 192.168.0.100 #1: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA, OAKLEY_GROUP_MODP1024] refused due to strict flag
Jul 20 14:41:11 moon pluto[13516]: "rw"[2] 192.168.0.100 #2: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA, OAKLEY_GROUP_MODP1536] refused due to strict flag
Jul 20 14:41:11 moon pluto[13516]: "rw"[2] 192.168.0.100 #2: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA, OAKLEY_GROUP_MODP1024] refused due to strict flag
Jul 20 14:41:31 moon pluto[13516]: "rw"[3] 192.168.0.100 #3: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA, OAKLEY_GROUP_MODP1536] refused due to strict flag
Jul 20 14:41:31 moon pluto[13516]: "rw"[3] 192.168.0.100 #3: Oakley Transform [OAKLEY_3DES_CBC (192), OAKLEY_SHA, OAKLEY_GROUP_MODP1024] refused due to strict flag

moon# cat /var/log/auth.log | grep 'no acceptable Oakley Transform' [YES]
Jul 20 14:41:01 moon pluto[13516]: "rw"[1] 192.168.0.100 #1: no acceptable Oakley Transform
Jul 20 14:41:11 moon pluto[13516]: "rw"[2] 192.168.0.100 #2: no acceptable Oakley Transform
Jul 20 14:41:31 moon pluto[13516]: "rw"[3] 192.168.0.100 #3: no acceptable Oakley Transform


POST-TEST

moon# ipsec stop
Stopping strongSwan IPsec...

carol# ipsec stop
Stopping strongSwan IPsec...