[strongSwan] no matching CHILD_SA config found

Rolf Schöpfer rolf at samplezone.ch
Wed May 21 20:05:36 CEST 2014




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SampleZone GmbH
Zürichstrasse 38b, CH-8306 Brüttisellen
Tel: 044 805 20 70, Fax: 044 805 20 72
========================================

Rolf Schöpfer
Dipl. El. Ing. HTL
Geschäftsleitung, Partner
rs at samplezone.ch

http://www.samplezone.ch
Hi

It's my sceond day trying to establish site2site VPN between fritzbox - strongswan. I did succeed with monowall - strongswan, so it shouldn't be a problem but unfortunately it is:

May 21 18:54:56 development charon: 16[IKE] received XAuth vendor ID
May 21 18:54:56 development charon: 16[IKE] received DPD vendor ID
May 21 18:54:56 development charon: 16[IKE] received NAT-T (RFC 3947) vendor ID
May 21 18:54:56 development charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
May 21 18:54:56 development charon: 16[IKE] xx.xx.xx.xx is initiating a Main Mode IKE_SA
May 21 18:54:56 development charon: 03[IKE] remote host is behind NAT
May 21 18:54:56 development charon: 02[CFG] looking for pre-shared key peer configs matching xx.xx.xx.xx...xx.xx.xx.xx[xx.xx.xx.xx]
May 21 18:54:56 development charon: 02[CFG] selected peer config "host-rslan"
May 21 18:54:56 development charon: 02[IKE] IKE_SA host-rslan[1] established between xx.xx.xx.xx[xx.xx.xx.xx]...xx.xx.xx.xx[xx.xx.xx.xx]
May 21 18:54:56 development charon: 02[IKE] scheduling reauthentication in 3272s
May 21 18:54:56 development charon: 02[IKE] maximum IKE_SA lifetime 3452s
May 21 18:54:56 development charon: 13[IKE] no matching CHILD_SA config found
May 21 18:54:58 development charon: 14[IKE] received retransmit of request with ID 320192822, but no response to retransmit
May 21 18:55:02 development charon: 15[IKE] received retransmit of request with ID 320192822, but no response to retransmit

What does this message mean: "no matching CHILD_SA config found"?

Thanks for any help.

Rolf


More information about the Users mailing list