[strongSwan] Microsoft Azure Virtual Network?
John Connett
jrc at skylon.demon.co.uk
Tue Aug 7 13:04:25 CEST 2012
On Mon, 06 Aug 2012 11:55:02 +0100, John Connett <jrc at skylon.demon.co.uk>
wrote:
> On Fri, 03 Aug 2012 10:14:01 +0100, Martin Willi <martin at strongswan.org>
> wrote:
>>> > 10[CFG] <2> looking for pre-shared key peer configs matching
>>> > 192.168.199.10...168.63.60.212[10.4.1.4]
>>> > 10[IKE] <2> no peer config found
>>>
>>> Is this an artifact of the charon / pluto merge in strongSwan 5? Or is
>>> "keyexchange=ikev2" not sufficient to cause IKEv2 to be used?
>>
>> The keyexchange parameter is connection specific, so your connection
>> will use IKEv2.
>>
>> Your peer, however, seems to initiate with IKEv1. You don't have a
>> matching connection for IKEv1, hence the negotiation fails with "no peer
>> config found".
>>
> I have added:
> keyexchange=ikev1
>so both initiator and responder should now be using IKEv1.
[text removed]
> Will continue to investigate ...
I have rebuilt strongswan-5.0.0 without "-O2" in CFLAGS and have
attached gdb to charon as described in
http://wiki.strongswan.org/issues/198.
On entry to the select_config function in libcharon/sa/ikev1/phase1.c
this->peer_cfg is NULL (so there is no attempt to find an alternative
config).
The body of the while loop over the enumerator is not entered.
This is consistent with the logging messages seen.
What I need to do to ensure that a suitable peer config is available?
--
John Connett
More information about the Users
mailing list