[strongSwan] strongswan error: "no matching peer config found"
martin at strongswan.org
Wed Mar 6 09:39:42 CET 2013
> ==== SERVER ipsec.conf ====
In strongswan, it is required that you define a leftid that is contained
in your certificate, either as subject or as subjectAltName. This is
certainly not the case for %any, hence the daemon overrides leftid with
the certificate subject (see startup log).
> ==== CLIENT ipsec.conf ====
Your client however doesn't define a rightid, defaulting to right, which
is the IP for msi-strongswan.simorg.msi.
To fix the issue, use a leftid on the server that is contained in the
certificate. On the client, configure the same as rightid. Alternatively
you can define rightid=%any on the client, but this implies that your
connection can be authenticated by any responder that has a valid
certificate under your CA.
More information about the Users