[strongSwan] IKE_AUTH fails with "no matching peer config found" error message in strongswan ver 4.6.3
martin at strongswan.org
Fri May 25 11:32:48 CEST 2012
These identities don't make much sense. When using certificate
authentication, the peer identities must be contained in the
certificate, either as subject or as subjectAltName.
> 08[CFG] id 'localhost' not confirmed by certificate, defaulting to
> 'C=SG, ST=CA, O=DemoCA, CN=localhost, E=admin1 at server.example.dom'
If the ID is not found in the certificate, the identity gets enforced.
> 10[CFG] looking for peer configs matching
> 126.96.36.199[localhost]...188.8.131.52[C=SG, ST=CA, O=DemoCA,
> CN=localhost, E=admin at server.example.dom]
The identities won't match to your configuration. Try to use sane peer
identities in your config, either subject DNs or subjectAltNames from
More information about the Users