[strongSwan] Microsoft Azure Virtual Network?
jrc at skylon.demon.co.uk
Tue Aug 7 13:42:04 CEST 2012
On Tue, 07 Aug 2012 12:04:25 +0100, John Connett <jrc at skylon.demon.co.uk>
> On Mon, 06 Aug 2012 11:55:02 +0100, John Connett
> <jrc at skylon.demon.co.uk> wrote:
>> On Fri, 03 Aug 2012 10:14:01 +0100, Martin Willi <martin at strongswan.org>
>>>> > 10[CFG] <2> looking for pre-shared key peer configs matching
>>>> > 192.168.199.10...126.96.36.199[10.4.1.4]
>>>> > 10[IKE] <2> no peer config found
>>>> Is this an artifact of the charon / pluto merge in strongSwan 5? Or
>>>> is "keyexchange=ikev2" not sufficient to cause IKEv2 to be used?
>>> The keyexchange parameter is connection specific, so your connection
>>> will use IKEv2.
>>> Your peer, however, seems to initiate with IKEv1. You don't have a
>>> matching connection for IKEv1, hence the negotiation fails with "no
>>> config found".
>> I have added:
>> so both initiator and responder should now be using IKEv1.
> [text removed]
>> Will continue to investigate ...
> I have rebuilt strongswan-5.0.0 without "-O2" in CFLAGS and have
> attached gdb to charon as described in
> On entry to the select_config function in libcharon/sa/ikev1/phase1.c
> this->peer_cfg is NULL (so there is no attempt to find an alternative
> The body of the while loop over the enumerator is not entered.
> This is consistent with the logging messages seen.
> What do I need to do to ensure that a suitable peer config is available?
Increased logging to "cfg=3" in strongswan.conf and obtained the
16[CFG] <2> looking for pre-shared key peer configs matching
16[CFG] <2> peer config match local: 1 (ID_ANY)
16[CFG] <2> peer config match remote: 0 (ID_IPV4_ADDR -> 0a:04:01:05)
16[CFG] <2> ike config match: 12 (192.168.199.10 188.8.131.52)
16[IKE] <2> no peer config found
So 10.4.1.5 is ID_MATCH_NONE (0) ...
Unfortunately, I don't think the remote private IP address is fixed,
just chosen from 10.4.1.0/24.
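
Added example (not part of the original message and not strongSwan code): a small Python helper that reads "peer config match" lines like the cfg=3 output quoted above, decodes the hex identity (0a:04:01:05 -> 10.4.1.5) and reports which identities scored 0 (ID_MATCH_NONE). The function names and the optional subnet check are assumptions made for illustration; the log format is assumed to follow the lines quoted in this message.

```python
import ipaddress
import re

# Constructed sample: the cfg=3 lines quoted in the message above.
SAMPLE_LOG = """\
16[CFG] <2> peer config match local: 1 (ID_ANY)
16[CFG] <2> peer config match remote: 0 (ID_IPV4_ADDR -> 0a:04:01:05)
16[IKE] <2> no peer config found
"""

# "peer config match <side>: <score> (<ID type>[ -> <hex bytes>])"
MATCH_RE = re.compile(
    r"peer config match (?P<side>local|remote): (?P<score>\d+) "
    r"\((?P<type>ID_\w+)(?: -> (?P<hex>[0-9a-f:]+))?\)"
)
ADDR_TYPES = {"ID_IPV4_ADDR": 4, "ID_IPV6_ADDR": 16}


def decode_id(id_type, hex_bytes):
    """Turn the colon-separated hex dump of an identity into readable text."""
    if hex_bytes is None:          # e.g. ID_ANY carries no value
        return None
    raw = bytes.fromhex(hex_bytes.replace(":", ""))
    if ADDR_TYPES.get(id_type) == len(raw):
        return str(ipaddress.ip_address(raw))
    return raw.decode("ascii", errors="replace")   # textual identities


def failed_matches(log_text, expected_net=None):
    """List identities that scored 0 (ID_MATCH_NONE in the message above).

    expected_net is optional; when given, address identities are checked
    against it so a peer presenting a private address from a known range
    is easy to spot.
    """
    net = ipaddress.ip_network(expected_net) if expected_net else None
    results = []
    for m in MATCH_RE.finditer(log_text):
        if int(m["score"]) != 0:
            continue
        ident = decode_id(m["type"], m["hex"])
        in_net = None
        if net is not None and ident and m["type"] in ADDR_TYPES:
            in_net = ipaddress.ip_address(ident) in net
        results.append({"side": m["side"], "type": m["type"],
                        "identity": ident, "in_expected_net": in_net})
    return results


if __name__ == "__main__":
    for row in failed_matches(SAMPLE_LOG, "10.4.1.0/24"):
        print(row)
```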