[strongSwan] Microsoft Azure Virtual Network?
Martin Willi
martin at strongswan.org
Fri Aug 3 11:14:01 CEST 2012
Hi John,
> > 10[CFG] <2> looking for pre-shared key peer configs matching
> > 192.168.199.10...168.63.60.212[10.4.1.4]
> > 10[IKE] <2> no peer config found
>
> Is this an artifact of the charon / pluto merge in strongSwan 5? Or is
> "keyexchange=ikev2" not sufficient to cause IKEv2 to be used?
The keyexchange parameter is connection specific, so your connection
will use IKEv2.
Your peer, however, seems to initiate with IKEv1. You don't have a
matching connection for IKEv1, hence the negotiation fails with "no peer
config found".
> IKE Phase I Parameters:
> Mode: Main mode
> Encryption: AES128 or 3DES
> Integrity: SHA1
> Diffie-Hellman group: Group 2 (1024 bit)
> Authentication Method: Pre-shared key
> Security Association Lifetime: 28800 seconds
Phase 1 proposal is what we define with the "ike" keyword:

  ike=aes128-sha1-modp1024!
  leftauth=psk
  rightauth=psk

> IKE Phase II Parameters:
> Mode: ESP tunnel mode
> Encryption: AES128 or 3DES
> Integrity: SHA1
> Perfect Forward Secrecy: OFF
> Diffie-Hellman group: Group 2 (1024 bit)
This seems bogus to me, either you have a DH group and use PFS, or not.
The "esp" keyword in your connection is either

  esp=aes128-sha1!

or

  esp=aes128-sha1-modp1024!

Regards
Martin
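
Added example, not part of Martin's message or the strongSwan project's documentation: an ipsec.conf connection sketch that combines the keywords above into a definition an IKEv1 Main Mode initiator could match. The connection name, keyexchange=ikev1, the subnet placeholders, the ikelifetime line and auto=add are assumptions; the addresses and the peer identity are taken from the quoted log line.

```conf
# /etc/ipsec.conf fragment (added sketch, values marked below are assumptions)
conn azure
    # Assumption: the peer initiates with IKEv1, so the connection it
    # should match is declared as IKEv1 rather than IKEv2.
    keyexchange=ikev1

    # Local address from the quoted log line.
    left=192.168.199.10
    # Placeholder: the local subnet is not given in the thread.
    leftsubnet=<local-subnet>
    leftauth=psk

    # Peer address and bracketed identity from the quoted log line.
    right=168.63.60.212
    rightid=10.4.1.4
    # Placeholder: the remote subnet is not given in the thread.
    rightsubnet=<remote-subnet>
    rightauth=psk

    # Phase 1: AES128, SHA1, DH group 2, strict ("!") so nothing else is accepted.
    ike=aes128-sha1-modp1024!
    # Phase 1 lifetime from the quoted parameter list.
    ikelifetime=28800s

    # Phase 2 without PFS. If the peer does use PFS with group 2,
    # the alternative is esp=aes128-sha1-modp1024!
    esp=aes128-sha1!

    # Load the connection and wait for the peer to initiate.
    auto=add
```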