続・strongswan 5.4.0-1 変
_ [debian] 続・strongswan 5.4.0-1 変
The default proposals now use a security strength of 128 bit. The default DH group
for IKE is now either ecp256 or modp3072, depending on whether the openssl plugin
is loaded or not. The default ESP proposal is aes128-sha256, which requires HMAC-SHA2-256
support with 128 bit truncation, which the Linux kernel correctly implements since 2.6.33.
But there are reports that other implementations might still not do so (#1353).
ref. Changelog for 5.4.x
というわけで、デフォルトの proposal が変更になったためだった。ipsec.conf で esp と ike を設定したところ、つながるようになった。