[strongSwan] strongswan error: "no matching peer config found"
Martin Willi
martin at strongswan.org
Wed Mar 6 09:39:42 CET 2013
Hi Justin,

> ==== SERVER ipsec.conf ====
> [...]
> leftcert=cert.pem
> leftid=%any

In strongswan, it is required that you define a leftid that is contained
in your certificate, either as subject or as subjectAltName. This is
certainly not the case for %any, hence the daemon overrides leftid with
the certificate subject (see startup log).

> ==== CLIENT ipsec.conf ====
> [...]
> right=msi-strongswan.simorg.msi

Your client however doesn't define a rightid, defaulting to right, which
is the IP for msi-strongswan.simorg.msi.

To fix the issue, use a leftid on the server that is contained in the
certificate. On the client, configure the same as rightid. Alternatively
you can define rightid=%any on the client, but this implies that your
connection can be authenticated by any responder that has a valid
certificate under your CA.

Best regards
Martin
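
The identity selection described in this message, as an added example that is not part of the original post and is not strongSwan code: a simplified Python model that checks a server/client pair of ipsec.conf options. The certificate subject, subjectAltName and resolved IP are constructed sample values (the page shows neither), and IDs are compared as plain strings.

```python
import ipaddress
# Constructed sample values: the page shows neither the certificate nor the IP.
CERT_SUBJECT = "C=CH, O=Example, CN=msi-strongswan.simorg.msi"
CERT_SANS = ["msi-strongswan.simorg.msi"]
RESOLVED_IP = "192.0.2.10"

def parse_conn(text):
    """Collect key=value options from ipsec.conf-style lines."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.split("#")[0].partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def server_id(conn):
    """Identity the server presents (plain string compare, a simplification)."""
    leftid = conn.get("leftid", "%any")
    if leftid in [CERT_SUBJECT, *CERT_SANS]:
        return leftid
    return CERT_SUBJECT  # leftid not in the certificate: subject is used instead

def client_expected_id(conn):
    """Identity the client expects: rightid, else right as an IP address."""
    if "rightid" in conn:
        return conn["rightid"]
    try:
        return str(ipaddress.ip_address(conn["right"]))
    except ValueError:
        return RESOLVED_IP  # hostname in right: stands in for the DNS lookup

def check(server_text, client_text):
    """Return (authenticates, note) for a server/client pair of conn options."""
    presented = server_id(parse_conn(server_text))
    expected = client_expected_id(parse_conn(client_text))
    if expected == "%any":
        return True, "accepts any responder with a valid certificate under the CA"
    if expected == presented:
        return True, f"client pins responder identity {presented}"
    return False, f"client expects {expected}, server presents {presented}"

# Constructed option sets: the configs quoted above, then the two suggested fixes.
SERVER_BROKEN = "leftcert=cert.pem\nleftid=%any"
CLIENT_BROKEN = "right=msi-strongswan.simorg.msi"
SERVER_FIXED = "leftcert=cert.pem\nleftid=msi-strongswan.simorg.msi"
CLIENT_FIXED = CLIENT_BROKEN + "\nrightid=msi-strongswan.simorg.msi"
CLIENT_ANY = CLIENT_BROKEN + "\nrightid=%any"

for pair in [(SERVER_BROKEN, CLIENT_BROKEN), (SERVER_FIXED, CLIENT_FIXED), (SERVER_BROKEN, CLIENT_ANY)]:
    print(check(*pair))
```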