[strongSwan] multiple ipsec tunnels (multiple ipsec/esp SAs between 2 peer gws with 1 IKE SA)

Martin Willi martin at strongswan.org
Tue Aug 2 09:39:54 CEST 2011



> 15[CFG] looking for peer configs matching 172.17.10.10[srv.strongswan.org]...172.17.10.253[c5-1.strongswan.org]
> 15[CFG] no matching peer config found
> 15[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]


> conn rw-server
>         left=172.17.10.10
>         leftsubnet=192.168.20.0/24
>         right=%any

The problem is not the secret, but that no config matches on your
responder. "leftid" defaults to "left" (172.17.10.10), but actually is
srv.strongswan.org. Try leftid=srv.strongswan.org, or even leftid=%any.

Regards
Martin






More information about the Users mailing list