[strongSwan] Error "no IKE config found" when trying to connect a roadwarrior

Larsen larsen007 at web.de
Mon Feb 25 20:55:16 CET 2013


Just to report back: Problem "no IKE config found" solved after  
configuring IKEv1 for the client.


Lars


On Sat, 23 Feb 2013 17:42:41 +0100, Larsen <larsen007 at web.de> wrote:

> I knew it would be that simple =/
> Wouldn't have thought that all three only speak IKEv1.
>
> Thanks a lot! I will test this in the next few days.
>
>
> Lars
>
>
>
> On Sat, 23 Feb 2013 17:07:54 +0100, Andreas Steffen
> <andreas.steffen at strongswan.org> wrote:
>
>> Hi Lars,
>>
>> The Shrew, iphone and GreenBow clients speak IKEv1 only. Therefore
>> you have to configure either
>>
>>    keyexchange=ikev1
>>
>> for IKEv1 only or
>>
>>    keyexchange=ike
>>
>> for IKEv1 and IKEv2 support.
>>
>> Regards
>>
>> Andreas
>>
>> On 23.02.2013 16:38, Larsen wrote:
>>> I am still totally stuck on this. Still get the error "no IKE config
>>> found" with multiple clients.
>>> Any help would be greatly appreciated!
>>>
>>>
>>> Lars
>>>
>>>
>>> On Thu, 14 Feb 2013 13:23:43 +0100, Larsen <larsen007 at web.de> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am new to IPsec and trying to get a roadwarrior connection from a
>>>> Windows XP box to work, but I only get the error "no IKE config found".
>>>>
>>>> I have tried many different settings and looked into even more search
>>>> results without luck.
>>>> VPN server is strongSwan 5.0.2 on an IPfire 2.13 rc2 where I have
>>>> configured all the certificates via GUI.
>>>> The user certificate is loaded in the ShrewSoft VPN client.
>>>> Out of nescience I simply used the default values where I didn't
>>>> understand something.
>>>>
>>>> For my ipsec.conf see http://pastebin.com/3XV1S5AK
>>>>
>>>> # cat /var/ipfire/vpn/ipsec.secrets
>>>> include /etc/ipsec.user.secrets
>>>> : RSA /var/ipfire/certs/hostkey.pem
>>>>
>>>> ipsec.user.conf and ipsec.user.secrets are empty besides some comments.
>>>>
>>>>
>>>> On startup of the VPN server I get this warning/error and don't know if
>>>> that is a problem or can be safely ignored:
>>>>
>>>> Feb 11 16:27:03 atl-ipfire charon: 08[CFG] invalid subnet: vhost:%no,
>>>> skipped
>>>> Feb 11 16:27:03 atl-ipfire charon: 08[CFG] invalid subnet: %priv,
>>>> skipped
>>>>
>>>>
>>>> Screenshots of my ShrewSoft Client configuration:
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120503_zpscfa99a6c.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120510_zps2b31d8c2.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120513_zps24759140.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120514_zps020b99c2.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120518_zps689e7a6f.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120519_zpsdcbf1bb4.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120521_zpsb50b961a.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120524_zps2e568ced.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120526_zps2b7573b4.png
>>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120529_zps1468d09d.png
>>>>
>>>> Also tried it with the following instead of "auto":
>>>> dh: group 2
>>>> cipher: 3des
>>>> hash: sha1
>>>>
>>>>
>>>>
>>>> When I try to connect, I get the error "no IKE config" in
>>>> "/var/log/messages":
>>>>
>>>> Feb 14 11:03:02 atl-ipfire charon: 10[NET] received packet: from
>>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
>>>> Feb 14 11:03:02 atl-ipfire charon: 10[NET] waiting for data on sockets
>>>> Feb 14 11:03:02 atl-ipfire charon: 05[MGR] checkout IKE_SA by message
>>>> Feb 14 11:03:02 atl-ipfire charon: 05[MGR] created IKE_SA (unnamed)[2]
>>>> Feb 14 11:03:03 atl-ipfire charon: 05[NET] received packet: from
>>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (3080 bytes)
>>>> Feb 14 11:03:03 atl-ipfire charon: 05[IKE] no IKE config found for
>>>> xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx, sending NO_PROPOSAL_CHOSEN
>>>> Feb 14 11:03:03 atl-ipfire charon: 05[NET] sending packet: from
>>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (40 bytes)
>>>> Feb 14 11:03:03 atl-ipfire charon: 06[NET] sending packet: from
>>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
>>>> Feb 14 11:03:03 atl-ipfire charon: 05[MGR] checkin and destroy IKE_SA
>>>> (unnamed)[2]
>>>> Feb 14 11:03:03 atl-ipfire charon: 05[IKE] IKE_SA (unnamed)[2] state
>>>> change: CREATED => DESTROYING
>>>> Feb 14 11:03:03 atl-ipfire charon: 05[MGR] check-in and destroy of
>>>> IKE_SA
>>>> successful
>>>>
>>>> I get the same error when I try to connect with an iPhone or the GreenBow
>>>> VPN client, so I guess there must be something wrong on the server side.
>>>>
>>>>
>>>> How can I fix this? What else can I test?
>>>>
>>>>
>>>> Lars
>>>>
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
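
The version mismatch resolved in this thread can be checked offline; the following is an added example, not code from the thread or from strongSwan. It reads the IKE major version from a peer's first packet and lists the `conn` sections whose `keyexchange` value admits it. The function names, the sample `ipsec.conf` text and the sample packets are constructed for illustration, and only the version check is modelled (address matching and an unset `keyexchange` are not).

```python
import struct

# IKE major versions a responder conn answers, per the keyexchange values
# named in the thread: ikev1 only, ikev2 only, ike = both.
ACCEPTS = {"ikev1": {1}, "ikev2": {2}, "ike": {1, 2}}

def ike_major_version(packet: bytes) -> int:
    """Major version from the fixed 28-byte IKE header (byte 17, high nibble)."""
    if len(packet) < 28:
        raise ValueError("truncated IKE header")
    return packet[17] >> 4

def parse_keyexchange(conf: str) -> dict:
    """Map conn name -> keyexchange (None if unset), inheriting conn %default."""
    conns, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            current = parts[1] if parts[0] == "conn" and len(parts) > 1 else None
            if current is not None:
                conns[current] = None
        elif current is not None and "=" in line:  # indented key=value
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "keyexchange":
                conns[current] = value.lower()
    default = conns.pop("%default", None)
    return {name: kx or default for name, kx in conns.items()}

def conns_accepting(conf: str, packet: bytes) -> list:
    """Conns whose keyexchange admits the version of the peer's first packet."""
    major = ike_major_version(packet)
    return [name for name, kx in parse_keyexchange(conf).items()
            if major in ACCEPTS.get(kx, set())]

def first_packet(version: int, exchange: int) -> bytes:
    """Constructed sample: bare IKE header with a made-up initiator SPI."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                       0, version, exchange, 0, 0, 28)

# Constructed ipsec.conf fragments, not the poster's pastebin configuration.
CONF_V2_ONLY = ("conn %default\n\tkeyexchange=ikev2\n\n"
                "conn roadwarrior\n\tleft=%any\n\tauto=add\n")
CONF_FIXED = CONF_V2_ONLY.replace("keyexchange=ikev2", "keyexchange=ike")
IKEV1_MAIN_MODE = first_packet(0x10, 2)    # what an IKEv1-only client sends
IKEV2_SA_INIT = first_packet(0x20, 34)

if __name__ == "__main__":
    for label, conf in (("keyexchange=ikev2", CONF_V2_ONLY), ("keyexchange=ike", CONF_FIXED)):
        print(label, "->", conns_accepting(conf, IKEV1_MAIN_MODE) or "no matching conn")
```

An empty result for a captured first packet corresponds to the situation in which charon logged "no IKE config found" above.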



