[strongSwan] strongswan and playbook issues

Tobias Brunner tobias at strongswan.org
Mon Apr 16 14:06:18 CEST 2012


Hi Dan,

> After fixing the simple issue I originally had, I get a little bit 
> farther in the process, but I'm still receiving an authentication error on 
> my PlayBook.

Are there any more details about the error on the PlayBook?  Some logs
perhaps?  From the point of view of strongSwan the connection was
established successfully:

> Apr 13 08:47:17 ZORO charon: 10[IKE] authentication of '122.105.110.118' 
> with pre-shared key successful
> Apr 13 08:47:17 ZORO charon: 10[IKE] peer supports MOBIKE
> Apr 13 08:47:17 ZORO charon: 10[IKE] authentication of '192.168.1.104' 
> (myself) with pre-shared key
> ...
> Apr 13 08:47:17 ZORO charon: 10[IKE] CHILD_SA rem{1} established with 
> SPIs cc3d590e_i 460ca470_o and TS 0.0.0.0/0 === 192.168.1.121/32

Since both your hosts are natted and you didn't specify leftid for your
connection (and the PlayBook does not send an IDr) the problem could be
the ID strongSwan uses; by default it's the IP address configured as
left.  Since this address is private in your case, the PlayBook doesn't
know about it and perhaps assumes a different ID when authenticating the
gateway (probably the public IP address of the NAT).  So you might want
to try to configure the public IP as leftid, if it is static, or change
the "Gateway Auth ID Type" option on the PlayBook and then add the
configured ID as leftid in ipsec.conf.

Regards,
Tobias
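
The leftid change suggested above, sketched as an ipsec.conf fragment. This is an added example, not part of the original message or the poster's configuration: the conn name rem and 192.168.1.104 come from the quoted log, while 203.0.113.10, gateway.example.org and all remaining settings are assumed placeholders.

```conf
# /etc/ipsec.conf (fragment), constructed for illustration
conn rem
    keyexchange=ikev2
    authby=secret
    # Assumption: the gateway's private address behind the NAT, as seen in
    # "authentication of '192.168.1.104' (myself)". With no leftid set,
    # this address is also the IKE identity the gateway presents.
    left=192.168.1.104
    # Option 1: present the static public address of the NAT as identity.
    # 203.0.113.10 is a documentation placeholder, not a value from the thread.
    leftid=203.0.113.10
    # Option 2 (use instead of option 1): an FQDN identity, with the
    # PlayBook's "Gateway Auth ID Type" changed to match. Hypothetical name.
    #leftid=@gateway.example.org
    right=%any
    auto=add

# /etc/ipsec.secrets
# If the PSK entry is restricted by ID selectors, the new leftid has to
# appear there too, otherwise the secret lookup for the connection fails.
#203.0.113.10 %any : PSK "<pre-shared key>"
```

After reloading the configuration, the "(myself)" log line should show the configured leftid instead of 192.168.1.104.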



