[strongSwan] Phase 2: our client ID returned doesn't match my proposal betweetn two StrongSwans
jc at info-systems.de
Wed Oct 8 20:58:59 CEST 2014
Am 08.10.2014 13:38, schrieb Andreas Steffen:
> Hi Jakob,
> In IKEv1 terminology the client IDs are traffic selectors
> (a single host or an IPv4 or IPv6 subnet) which define which
> local and remote subnets behind the gateways are to be connected
> with each other over the tunnel. With IKEv2 these proposals must match
> exactly. In your case it seems that the two IPsec endpoints propose
> differing subnet defininitions.
In a way this was the point. I used the same notation on both sides:
but the newer strongswan will only understand CIDR masks correctly:
In the other case, it offers 192.168.4.0/32 which does not match the
But this is hard to see as both notations describe the same network....
Anyway, it works now, thank you very much for the hint!
More information about the Users