[strongSwan] no matching config
ml at mail.tsaitgaist.info
Mon Oct 25 10:20:21 CEST 2010
Hello,
I'm trying to test the example
http://www.strongswan.org/uml/testresults/ikev2/rw-eap-sim-rsa/
but when carol tries to connect, moon doesn't find the config.
Did I miss something obvious?
Thanks
=== moon daemon.log
Oct 25 09:29:33 virtual charon: 10[NET] received packet: from 192.168.0.100[500] to 192.168.0.1[500]
Oct 25 09:29:33 virtual charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Oct 25 09:29:33 virtual charon: 10[IKE] 192.168.0.100 is initiating an IKE_SA
Oct 25 09:29:33 virtual charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Oct 25 09:29:33 virtual charon: 10[NET] sending packet: from 192.168.0.1[500] to 192.168.0.100[500]
Oct 25 09:29:33 virtual charon: 11[NET] received packet: from 192.168.0.100[4500] to 192.168.0.1[4500]
Oct 25 09:29:33 virtual charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Oct 25 09:29:33 virtual charon: 11[CFG] looking for peer configs matching 192.168.0.1[moon.strongswan.org]...192.168.0.100[carol@strongswan.org]
Oct 25 09:29:33 virtual charon: 11[CFG] no matching peer config found
Oct 25 09:29:33 virtual charon: 11[IKE] peer supports MOBIKE
Oct 25 09:29:33 virtual charon: 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Oct 25 09:29:33 virtual charon: 11[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500]
=== moon ipsec.conf
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
        strictcrlpolicy=no
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn rw-eap-sim
        left=192.168.0.1
        leftsubnet=10.1.0.0/16
        leftid=@moon.strongswan.org
        leftcert=moonCert.pem
        leftauth=pubkey
        leftfirewall=yes
        rightid=*@strongswan.org
        rightauth=eap-sim
        right=%any
        rightsendcert=never
        auto=add
=== moon statusall
Status of IKEv2 charon daemon (strongSwan 4.4.1):
  uptime: 75 seconds, since Oct 25 09:24:37 2010
  malloc: sbrk 135168, mmap 0, used 72472, free 62696
  worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: aes des sha1 sha2 md5 random x509 revocation pubkey pkcs1 pgp dnskey pem fips-prf xcbc hmac gmp attr resolve kernel-netlink socket-default stroke updown eap-sim eap-sim-file
Listening IP addresses:
  10.0.2.15
  192.168.0.1
Connections:
  rw-eap-sim: 192.168.0.1...%any
  rw-eap-sim: local: [C=FR, ST=Some-State, O=Linux strongSwan, CN=moon.strongswan.org] uses public key authentication
  rw-eap-sim: cert: "C=FR, ST=Some-State, O=Linux strongSwan, CN=moon.strongswan.org"
  rw-eap-sim: remote: [*@strongswan.org] uses EAP_SIM authentication
  rw-eap-sim: child: 10.1.0.0/16 === dynamic
Security Associations:
  none