GVC 4.9.14 and above are not connecting - Phase 1 Proposal does not match
03/26/2020 4 11850
After the update of the Global VPN Client to 4.9.14, you're not able to connect to the WAN GroupVPN anymore.
In the firewall logs you can see that the connection has been refused because of "IKE Responder: IKE proposal does not match (Phase 1)"
The root cause might be related to not secure settings in the VPN Proposals. New GVC versions needs an encryption method 3DES or AES-128 or above.
If under the Proposals tab in the WANGroupVPN configuration (VPN | Settings) you configured the encryption method as "DES", new GVC versions won't work:
- Go to VPN | Settings, click the configuration button beside WAN Group VPN.
- Go to Proposals tab
- Select at least 3DES as encryption method for IKE (Phase 1) Proposal and IPSec (Phase 2) Proposal.