linux – Issues in communicating via IPSec (StrongSwan) between an Android client and its gateway (IKEv2)

I’ve been attempting to create an IPsec VPN into my home network to which I can tunnel from outside, e.g. on my phone or through my laptop when I’m abroad. Authenticating the clients is done via pubkey authentication with X.509 certificates. All is working there; the only issue I have is with the Android client (on the official strongSwan VPN app), which is failing to connect.

(IKE) authentication of 'arch' with RSA_EMSA_PKCS1_SHA2_256 successful
(IKE) IKE_SA android(3) established between (redacted)(C=IT, O=(redacted),
CN=(redacted) (havoc))...(redacted)(arch)
(IKE) scheduling rekeying in 35733s
(IKE) maximum IKE_SA lifetime 37533s
(IKE) installing DNS server
(IKE) installing new virtual IP
(IKE) received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
(IKE) closing IKE_SA due CHILD_SA setup failure

From what I’ve found (and been told), the "received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built" message is either due to a mismatch between cipher suites or an invalid ts config. Both should be correct, considering that the official strongSwan wiki has a configuration that should support most, if not all, of the (up-to-date) client cipher suites. ts is likely correct because the Android client, as can be seen above, does actually get an IP via DHCP and does actually install it.

root@arch ~ # cat /etc/swanctl/swanctl.conf
connections {
        rw {
                local_addrs =, (redacted)
                pools = dhcp
                local {
                        auth = pubkey
                        certs = serverCert.pem
                        id = arch
                }
                remote {
                        auth = pubkey
                }
                children {
                        net {
                                local_ts =
                                updown = /usr/local/libexec/ipsec/_updown iptables
                                esp_proposals = aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default
                        }
                }
                version = 2
                proposals = aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default
        }
}
include conf.d/*.conf

Does anyone have any insight into this?
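To see which transform type a NO_PROPOSAL_CHOSEN actually falls on, it helps to model IKEv2 proposal selection over strongSwan-style proposal strings. The script below is an added example, not strongSwan code or the poster's: it parses the `esp_proposals` string from the question against constructed client proposals and reports, per proposal, the first transform type with no common algorithm. The token table is illustrative, `default` is skipped rather than guessed, and `ike_auth=True` models the first CHILD_SA of IKE_AUTH, which is keyed from the IKE_SA without a DH exchange, so PFS groups only come into play on CREATE_CHILD_SA rekeys.

```python
# Token prefix -> IKEv2 transform type (illustrative table; 'aesxcbc' before 'aes').
TYPE_BY_PREFIX = [("prf", "PRF"), ("modp", "DH"), ("ecp", "DH"), ("curve25519", "DH"),
                  ("x25519", "DH"), ("aesxcbc", "INTEG"), ("sha", "INTEG"),
                  ("aes", "ENCR"), ("chacha20poly1305", "ENCR"), ("3des", "ENCR")]

def classify(token):
    for prefix, ttype in TYPE_BY_PREFIX:
        if token.startswith(prefix):
            return ttype
    raise ValueError(f"unknown algorithm token: {token}")

def parse(proposals, esp=True):
    """Split 'a-b-c,d-e' into one {transform type: set of algorithms} map per proposal.
    'default' expands to version-specific built-ins, so it is skipped rather than guessed."""
    out = []
    for prop in proposals.split(","):
        if prop == "default":
            continue
        types = {}
        for tok in prop.split("-"):
            ttype = classify(tok)
            if esp and ttype == "PRF":  # ESP SAs carry no PRF transform
                continue
            types.setdefault(ttype, set()).add(tok)
        out.append(types)
    return out

def select(local, peer, esp=True, ike_auth=False):
    """Responder-style match: every transform type present on either side must share
    an algorithm; returns (chosen, failure reasons). ike_auth=True ignores DH, as the
    first CHILD_SA of IKE_AUTH is keyed from the IKE_SA (RFC 7296); DH matters on rekey."""
    failures = []
    for lp in parse(local, esp):
        for pp in parse(peer, esp):
            chosen, reason = {}, None
            for ttype in sorted(set(lp) | set(pp)):
                if ike_auth and ttype == "DH":
                    continue
                common = lp.get(ttype, set()) & pp.get(ttype, set())
                if not common:
                    reason = f"{ttype}: local {sorted(lp.get(ttype, []))} vs peer {sorted(pp.get(ttype, []))}"
                    break
                chosen[ttype] = min(common)  # real preference ordering not modelled
            if reason is None:
                return chosen, failures
            failures.append(reason)
    return None, failures

# esp_proposals string taken from the question's swanctl.conf.
SERVER_ESP = "aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default"
```

Running `select(SERVER_ESP, "aes128gcm16")` matches with `ike_auth=True` but fails on every proposal at the DH type otherwise, which is the shape of a client that completes the initial CHILD_SA and then loses it at rekey; a client string with no shared cipher fails at ENCR in both phases.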