[strongSwan] StrongSwan(optware) on Asus RT-AC66U (merlin build)-can't access LAN IPs

Luka Lukapple80 at gmail.com
Thu Nov 7 10:51:49 CET 2013 

Now I've tried to load modules by hand. I've added following line to
strongswan.conf:
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509
revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
attr farp xauth-generic

And if I check charon logs, it looks like it connects and then immediately
disconnects from vpn.
Here are interesting lines from log file, (I connect with iphone and get
"Negotiation with the VPN server failed":

...
Nov  7 10:31:12 14[CFG]   id '<server.wan.ip>' not confirmed by
certificate, defaulting to 'C=SI, O=Hlupo, CN=clientLupo'
...
Nov  7 10:31:12 14[CFG]   id '%any' not confirmed by certificate,
defaulting to 'C=SI, O=Hlupo, CN=<server.wan.ip>'
...
Nov  7 10:31:12 14[CFG] left is other host, swapping ends
...
Nov  7 10:13:55 04[IKE] IKE_SA (unnamed)[1] state change: CREATED =>
CONNECTING
...
Nov  7 10:13:56 05[IKE] remote host is behind NAT
...
Nov  7 10:13:57 11[IKE] XAuth authentication of 'lupo' successful
...
Nov  7 10:13:57 12[IKE] IKE_SA ios[1] state change: CONNECTING =>
ESTABLISHED
...
Nov  7 10:13:57 12[IKE] peer requested virtual IP %any
Nov  7 10:13:57 12[IKE] no virtual IP found for %any requested by 'lupo'
...
Nov  7 10:14:13 05[ENC] parsing HASH_V1 payload finished
Nov  7 10:14:13 05[ENC] parsing DELETE_V1 payload, 40 bytes left
...
Nov  7 10:14:13 05[ENC] parsing DELETE_V1 payload finished
...
Nov  7 10:14:13 05[IKE] IKE_SA ios[1] state change: ESTABLISHED => DELETING
Nov  7 10:14:13 05[MGR] checkin and destroy IKE_SA ios[1]
Nov  7 10:14:13 05[IKE] IKE_SA ios[1] state change: DELETING => DESTROYING
Nov  7 10:14:13 05[MGR] check-in and destroy of IKE_SA successful
Nov  7 10:14:13 02[NET] waiting for data on sockets
Nov  7 10:14:25 15[JOB] got event, queuing job for execution
Nov  7 10:14:25 15[JOB] next event in 9732s 760ms, waiting
Nov  7 10:14:25 06[MGR] checkout IKE_SA

Should I put something else instead of "right=%any" ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131107/d133a7a3/attachment.html>

More information about the Users mailing list