[strongSwan] Error "no IKE config found" when trying to connect a roadwarrior

Larsen larsen007 at web.de
Thu Feb 14 13:23:43 CET 2013


Hi,

I am new to IPsec and trying to get a roadwarrior connection from a  
Windows XP box to work, but I only get the error "no IKE config found".

I have tried many different settings and looked into even more search  
results without luck.
VPN server is strongSwan 5.0.2 on an IPfire 2.13 rc2 where I have  
configured all the certificates via GUI.
The user certificate is loaded in the ShrewSoft VPN client.
Out of nescience I simply used the default values where I didn't
understand something.

For my ipsec.conf see http://pastebin.com/3XV1S5AK

# cat /var/ipfire/vpn/ipsec.secrets
include /etc/ipsec.user.secrets
: RSA /var/ipfire/certs/hostkey.pem

ipsec.user.conf and ipsec.user.secrets are empty besides some comments.


On startup of the VPN server I get this warning/error and don't know if
that is a problem or can be safely ignored:

Feb 11 16:27:03 atl-ipfire charon: 08[CFG] invalid subnet: vhost:%no, skipped
Feb 11 16:27:03 atl-ipfire charon: 08[CFG] invalid subnet: %priv, skipped


Screenshots of my ShrewSoft Client configuration:
http://photobucket.com/albums/a587/larsen17/capture_20130214_120503_zpscfa99a6c.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120510_zps2b31d8c2.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120513_zps24759140.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120514_zps020b99c2.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120518_zps689e7a6f.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120519_zpsdcbf1bb4.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120521_zpsb50b961a.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120524_zps2e568ced.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120526_zps2b7573b4.png
http://photobucket.com/albums/a587/larsen17/capture_20130214_120529_zps1468d09d.png

Also tried it with the following instead of "auto":
dh: group 2
cipher: 3des
hash: sha1



When I try to connect, I get the error "no IKE config" in  
"/var/log/messages":

Feb 14 11:03:02 atl-ipfire charon: 10[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Feb 14 11:03:02 atl-ipfire charon: 10[NET] waiting for data on sockets
Feb 14 11:03:02 atl-ipfire charon: 05[MGR] checkout IKE_SA by message
Feb 14 11:03:02 atl-ipfire charon: 05[MGR] created IKE_SA (unnamed)[2]
Feb 14 11:03:03 atl-ipfire charon: 05[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (3080 bytes)
Feb 14 11:03:03 atl-ipfire charon: 05[IKE] no IKE config found for xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx, sending NO_PROPOSAL_CHOSEN
Feb 14 11:03:03 atl-ipfire charon: 05[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (40 bytes)
Feb 14 11:03:03 atl-ipfire charon: 06[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Feb 14 11:03:03 atl-ipfire charon: 05[MGR] checkin and destroy IKE_SA (unnamed)[2]
Feb 14 11:03:03 atl-ipfire charon: 05[IKE] IKE_SA (unnamed)[2] state change: CREATED => DESTROYING
Feb 14 11:03:03 atl-ipfire charon: 05[MGR] check-in and destroy of IKE_SA successful

I get the same error when I try to connect with an iPhone or the GreenBow  
VPN client, so I guess there must be something wrong on the server side.


How can I fix this? What else can I test?


Lars
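
Added example, not part of the original post and not strongSwan code: a small Python triage script for charon syslog output in the format quoted above. It rejoins mail-wrapped records and lists each "no IKE config found" rejection by address pair; the sample log is constructed with documentation addresses, and reading the pair as local...remote is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the charon syslog format quoted in the post; the host
# name and the RFC 5737 documentation addresses are made up for illustration.
SAMPLE = """\
Feb 14 11:03:02 gw charon: 05[MGR] created IKE_SA (unnamed)[2]
Feb 14 11:03:03 gw charon: 05[NET] received packet: from
198.51.100.7[500] to 192.0.2.1[500] (3080 bytes)
Feb 14 11:03:03 gw charon: 05[IKE] no IKE config found for
192.0.2.1...198.51.100.7, sending NO_PROPOSAL_CHOSEN
Feb 14 11:04:10 gw charon: 07[IKE] no IKE config found for 192.0.2.1...203.0.113.9, sending NO_PROPOSAL_CHOSEN
Feb 14 11:04:11 gw charon: 07[MGR] checkin and destroy IKE_SA (unnamed)[3]
"""

HEADER = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ charon: "
                    r"\d+\[(?P<group>[A-Z]{3})\] (?P<msg>.*)$")
# Assumption: the first address is the gateway's own, the second the peer's.
NO_CFG = re.compile(r"no IKE config found for (?P<local>\S+?)\.\.\."
                    r"(?P<remote>[^,\s]+), sending (?P<notify>\w+)")

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog header continues the last one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEADER.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def no_config_rejections(text):
    """Return one dict per 'no IKE config found' event in the log text."""
    events = []
    for record in unwrap(text):
        head = HEADER.match(record)
        hit = NO_CFG.search(head["msg"]) if head and head["group"] == "IKE" else None
        if hit:
            events.append({"time": head["ts"], **hit.groupdict()})
    return events

def summarize(events):
    """Count rejections per (local, remote) address pair."""
    return Counter((e["local"], e["remote"]) for e in events)

if __name__ == "__main__":
    for (local, remote), n in summarize(no_config_rejections(SAMPLE)).items():
        print(f"{n}x rejected: local={local} remote={remote}")
```

Each reported pair can then be compared against the addresses the configured conn entries are defined for.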



