[strongSwan] questions on syslog output; linux server/mac client RSA certificate auth

Martin Willi martin at strongswan.org
Thu Dec 18 09:32:45 CET 2014


Cindy,

> 15[CFG] looking for a child config for vpn_ip/32[udp/l2f] === client_ip/32[udp/62338]
> 
> Looks for a child config, doesn't find one, what's going on here?

Your client tries to negotiate a traffic selector for L2TP, most likely
because it is configured to use L2TP over IPsec. In this mode an L2TP
daemon handles the tunneling; strongSwan only protects the L2TP traffic.

If you want to use plain IPsec, try to configure "Cisco IPsec" on your
Mac client. This mode uses IKEv1 with XAuth authentication, and is most
likely preferable.

> Maybe I'm just being dense, but what is "Main Mode"?

Main Mode is a Phase 1 exchange in IKEv1 to establish an ISAKMP-SA.

I recommend getting some literature about IPsec and IKE; understanding
the basic concepts of these protocols is very helpful in configuring
strongSwan, especially when it comes to interoperability with other
software.

Kind regards
Martin
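
Added example (not part of the original message and not strongSwan code): a small log triage helper that parses the "looking for a child config" line quoted above and flags when a peer is proposing L2TP-over-IPsec traffic selectors. The function names `parse_ts` and `classify` are hypothetical, and the mapping of the service name `l2f` to UDP port 1701 is an assumption based on the usual /etc/services entry.

```python
import re

# charon prints a selector as net[proto/port]; the port is shown by service
# name when /etc/services has one (assumption: "l2f" is UDP 1701, the L2TP port).
L2TP_PORTS = {"l2f", "l2tp", "1701"}
UDP = {"udp", "17"}

TS_RE = re.compile(r"(?P<net>\S+?)\[(?P<proto>[^/\]]+)(?:/(?P<port>[^\]]+))?\]")
LINE_RE = re.compile(
    r"\[CFG\] looking for a child config for (?P<local>.+?) === (?P<remote>.+)$"
)

def parse_ts(text):
    """Split one side of '===' into (net, proto, port) tuples.
    A bare network with no [proto/port] suffix means any protocol and port."""
    selectors = []
    for item in text.split():
        m = TS_RE.fullmatch(item)
        if m:
            selectors.append((m["net"], m["proto"], m["port"]))
        else:
            selectors.append((item, None, None))
    return selectors

def classify(line):
    """Return 'l2tp-over-ipsec', 'plain-ipsec', or None for unrelated lines."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    for _net, proto, port in parse_ts(m["local"]) + parse_ts(m["remote"]):
        if proto in UDP and port in L2TP_PORTS:
            return "l2tp-over-ipsec"
    return "plain-ipsec"

# Constructed sample: the first line is the one quoted in the thread; the
# others are made up for illustration (documentation address range).
SAMPLE = [
    "15[CFG] looking for a child config for vpn_ip/32[udp/l2f] === client_ip/32[udp/62338]",
    "09[CFG] looking for a child config for 0.0.0.0/0 === 198.51.100.7/32",
    "07[NET] constructed unrelated line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), "<-", line)
```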


