no suitable connection found with IKEv2 policy but IKEv2 seems disabled #820

Closed
khunalex opened this issue Jun 22, 2020 · 2 comments

@khunalex

Hi. Thank you for your answer.
Yes, I had followed this guide:
https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md
to connect from an Android TV box and the strongSwan app.

Once I disabled ikev2.conf, the error I get on the client side is:

Jun 22 22:42:51 wopr pluto[7330]: "myvpn" #1: initiating IKEv2 IKE SA
Jun 22 22:42:51 wopr pluto[7330]: "myvpn": local IKE proposals (IKE SA initiator selecting KE):
Jun 22 22:42:51 wopr pluto[7330]: "myvpn":   1:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048
Jun 22 22:42:51 wopr pluto[7330]: "myvpn":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048
181 "myvpn" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
Jun 22 22:42:51 wopr pluto[7330]: "myvpn" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
002 "myvpn" #1: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored
Jun 22 22:42:51 wopr pluto[7330]: "myvpn" #1: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored
010 "myvpn" #1: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response
Jun 22 22:42:52 wopr pluto[7330]: "myvpn" #1: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response
002 "myvpn" #1: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored
Jun 22 22:42:52 wopr pluto[7330]: "myvpn" #1: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored
010 "myvpn" #1: STATE_PARENT_I1: retransmission; will wait 1 seconds for response
Jun 22 22:42:52 wopr pluto[7330]: "myvpn" #1: STATE_PARENT_I1: retransmission; will wait 1 seconds for response

and on the server side:

Jun 22 22:42:51 localhost pluto[4330]: packet from 79.150.xxx.xxx:500: initial parent SA message received on 192.168.1.100:500 but no suitable connection found with IKEv2 policy
Jun 22 22:42:51 localhost pluto[4330]: packet from 79.150.xxx.xxx:500: responding to IKE_SA_INIT (34) message (Message ID 0) from 79.150.xxx.xxx:500 with unencrypted notification NO_PROPOSAL_CHOSEN

It's like it still tries to use IKEv2....

I even commented out the line:
#include /etc/ipsec.d/*.conf

Originally posted by @khunalex in #818 (comment)

@hwdsl2
Owner

hwdsl2 commented Jun 23, 2020

@khunalex In your VPN client's /etc/ipsec.conf, under section conn myvpn, add this line ikev2=never, indented by two spaces. Save the file, restart the IPsec service and try re-connecting. Alternatively, you may refer to these instructions to connect Linux clients using the GUI [1] or using the CLI [2].

Note that while you can re-enable IKEv2 on the VPN server (rename ikev2.conf.disabled back to ikev2.conf and restart the IPsec service), it does have the limitation that if you connect multiple devices from behind the same NAT using different modes (e.g. IPsec/XAuth and IKEv2), the connection may fail with errors like you mentioned in #818.

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#linux
[2] https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#configure-linux-vpn-clients-using-the-command-line
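
As an added example (not part of the original thread or of the project's scripts), the following Python sketch ties the client log quoted in the issue to the setting recommended in the reply: it lists connections that initiated IKEv2, were refused with NO_PROPOSAL_CHOSEN, and are not set to `ikev2=never`. The sample config, the function names, and the choice to treat only `never` as pinning the connection away from IKEv2 are assumptions made for illustration.

```python
import re

# Constructed sample client config (not from the thread); values are illustrative.
SAMPLE_CONF = """\
config setup
  # client side
conn %default
  authby=secret
conn myvpn
  auto=add
  type=transport
"""

# Client log lines as quoted in the issue above.
SAMPLE_LOG = '''\
Jun 22 22:42:51 wopr pluto[7330]: "myvpn" #1: initiating IKEv2 IKE SA
Jun 22 22:42:51 wopr pluto[7330]: "myvpn" #1: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored
'''

INIT_RE = re.compile(r'"([^"]+)" #\d+: initiating IKEv2 IKE SA')
REJECT_RE = re.compile(r'"([^"]+)" #\d+: .*v2N_NO_PROPOSAL_CHOSEN')

def parse_conns(conf_text):
    """Map each conn name to its options (simplified: no include/also= handling)."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header starts at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value option
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def diagnose(conf_text, client_log):
    """Conns that initiated IKEv2, got NO_PROPOSAL_CHOSEN, and lack ikev2=never."""
    conns = parse_conns(conf_text)
    default = conns.get("%default", {})
    refused = set(INIT_RE.findall(client_log)) & set(REJECT_RE.findall(client_log))
    findings = []
    for name in sorted(refused):
        # Per-conn value wins; otherwise fall back to conn %default, else unset (None).
        setting = conns.get(name, {}).get("ikev2", default.get("ikev2"))
        if setting != "never":
            findings.append((name, setting))
    return findings
```

Calling `diagnose(SAMPLE_CONF, SAMPLE_LOG)` returns `[("myvpn", None)]`; once `  ikev2=never` is added under `conn myvpn`, the same call returns an empty list.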

@khunalex
Author

It worked !!!
Thank you so much for your help and patience and for your wonderful scripts that made our life a lot easier.
