[strongSwan] IKE_AUTH fails with "no matching peer config found" error message in strongswan ver 4.6.3

Martin Willi martin at strongswan.org
Fri May 25 11:32:48 CEST 2012


Hi,

>         leftid=@localhost
>         rightid=@localhost

These identities don't make much sense. When using certificate
authentication, the peer identities must be contained in the
certificate, either as subject or as subjectAltName.

> 08[CFG]   id 'localhost' not confirmed by certificate, defaulting to
> 'C=SG, ST=CA, O=DemoCA, CN=localhost, E=admin1 at server.example.dom'

If the ID is not found in the certificate, the identity gets enforced.

> 10[CFG] looking for peer configs matching
> 192.167.21.2[localhost]...192.167.21.1[C=SG, ST=CA, O=DemoCA,
> CN=localhost, E=admin at server.example.dom]

The identities won't match your configuration. Try to use sane peer
identities in your config, either subject DNs or subjectAltNames from
your certificates.

Regards
Martin
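
Added example, not part of the original message and not strongSwan code: a simplified Python model of the behaviour described above, showing why `localhost` IDs that are absent from both certificates end in "no matching peer config found" and why IDs taken from the certificates match. The class and function names, the DNs and the host names are constructed, and the model assumes exact string comparison of identities (no wildcards, no `%any`).

```python
# Simplified model (assumption): identities are compared as exact strings;
# wildcards, %any and DN normalisation are ignored. All values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str        # subject DN
    sans: tuple = ()    # subjectAltName entries

@dataclass(frozen=True)
class Conn:
    leftid: str         # configured local identity
    rightid: str        # identity expected from the peer
    leftcert: Cert

def effective_local_id(conn):
    """Return the configured ID only if the certificate carries it as subject
    or subjectAltName; otherwise fall back to the subject DN, as in the
    'not confirmed by certificate, defaulting to' log line."""
    cert = conn.leftcert
    if conn.leftid == cert.subject or conn.leftid in cert.sans:
        return conn.leftid
    return cert.subject

def ike_auth_ids(initiator):
    """(IDi, IDr) as the initiator would send them in IKE_AUTH."""
    return effective_local_id(initiator), initiator.rightid

def responder_accepts(responder, idi, idr):
    """Peer config lookup on the responder: both identities must match."""
    return effective_local_id(responder) == idr and responder.rightid == idi

def negotiate(initiator, responder):
    idi, idr = ike_auth_ids(initiator)
    return responder_accepts(responder, idi, idr)

CERT_A = Cert("C=CH, O=Example, CN=gw-a", ("gw-a.example.test",))
CERT_B = Cert("C=CH, O=Example, CN=gw-b", ("gw-b.example.test",))

# Broken: "localhost" appears in neither certificate, so each side falls back
# to its subject DN while still expecting "localhost" from the peer.
bad_a = Conn("localhost", "localhost", CERT_A)
bad_b = Conn("localhost", "localhost", CERT_B)

# Fixed: each side uses a subjectAltName from its own certificate.
good_a = Conn("gw-a.example.test", "gw-b.example.test", CERT_A)
good_b = Conn("gw-b.example.test", "gw-a.example.test", CERT_B)

if __name__ == "__main__":
    print("localhost IDs match:", negotiate(bad_a, bad_b))
    print("SAN IDs match:      ", negotiate(good_a, good_b))
```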




