[strongSwan] "IDir does not match" for same strings; Trouble setting up connection to a Fritz Box

Martin Willi martin at strongswan.org
Thu Dec 11 12:15:25 CET 2014


Hi Marcel,

> IDir '<redacted>.selfhost.eu' does not match to '<redacted>.selfhost.eu'
> 
> Both strings that I've replaced by <redacted> are equal in the output.

In IKE, each identity has an associated type, which is not directly
visible in the log. strongSwan automatically detects the type of
configured identities, <redacted>.selfhost.eu uses the ID_FQDN type.

Some IKE implementations do not use the type for the identity that would
be the most obvious choice, likely that your Fritzbox uses a different
type. If your Fritzbox has such an option, try to enforce the ID_FQDN
type for its identity.

Alternatively, you may try the attached debug patch to see what identity
types are used. With the upcoming 5.2.2 release, you can enforce
identity types in strongSwan. As a work-around, you also can try to use
rightid=%any to accept any identity the peer offers.

Regards
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug-ikev1-idir-types.diff
Type: text/x-patch
Size: 663 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141211/eeb1ffed/attachment.bin>


More information about the Users mailing list