[strongSwan] Problems connecting with NAT-T, aggressive mode and PSK
martin at strongswan.org
Mon May 26 13:07:53 CEST 2014
> 13[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
> 13[CFG] looking for an ike config for w.x.y.z...a.b.c.d
> 13[CFG] found matching ike config: w.x.y.z...%any with prio 1052
> 13[CFG] looking for pre-shared key peer configs matching w.x.y.z...a.b.c.d[test_id]
> 13[IKE] no peer config found
> So the peer sends its ID and charon finds the matching config section
> but then decides it does not actually match?
It finds a matching ike config, which is the internal sub-configuration
used for proposal selection in the early IKE exchange. It does not find
a peer config, the complete configuration selected once the peer
identity is known.
> What is wrong here?
As your client is using aggressive mode, have you tried to set
aggressive=yes in ipsec.conf?
As responder, you also have to set the strongswan.conf option
to confirm you understand the security implications of such a setup, see
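
The distinction drawn in the reply above (an ike config matched, then no peer config found) can be spotted mechanically in a charon log. This is an added example, not part of the original post or of strongSwan; it assumes the log line format quoted in the post, and `triage` and its field names are hypothetical.

```python
import re

# Constructed sample, modelled on the charon lines quoted in the post.
SAMPLE_LOG = """\
13[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
13[CFG] looking for an ike config for w.x.y.z...a.b.c.d
13[CFG] found matching ike config: w.x.y.z...%any with prio 1052
13[CFG] looking for pre-shared key peer configs matching w.x.y.z...a.b.c.d[test_id]
13[IKE] no peer config found
"""

LINE = re.compile(r"(\d+)\[(\w+)\]\s+(.*)$")             # thread, group, message
PARSED = re.compile(r"^parsed (\S+) request ")
PEER_LOOKUP = re.compile(
    r"^looking for (.+?) peer configs matching (\S+?)\.\.\.([^\[\s]+)\[(.*)\]$")

def triage(log_text):
    """Return one finding per 'no peer config found', with the context
    charon logged on the same worker thread just before it."""
    state, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw.strip())                     # tolerates syslog prefixes
        if not m:
            continue
        tid, _group, msg = m.groups()
        s = state.setdefault(tid, {"aggressive": False, "ike_config": False})
        parsed, lookup = PARSED.match(msg), PEER_LOOKUP.match(msg)
        if parsed:
            s["aggressive"] = parsed.group(1) == "AGGRESSIVE"
        elif msg.startswith("looking for an ike config for"):
            s["ike_config"] = False                      # new proposal lookup
        elif msg.startswith("found matching ike config"):
            s["ike_config"] = True
        elif lookup:
            s["auth"], s["local"], s["remote"], s["peer_id"] = lookup.groups()
        elif msg == "no peer config found":
            finding = dict(state.pop(tid), thread=tid)
            finding["hint"] = (
                "peer used aggressive mode: check aggressive=yes in ipsec.conf"
                if finding["aggressive"] else
                "check that a conn matches this address pair, ID and auth method")
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```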