I installed Strongswan 5.1.2 from Ubuntu 14.04 reps or 5.2.1 night build
and xl2tpd.
Also created certificates (ca, server, clients) .
So, Win 7 l2tp/cert connection is established with these certificates, but
ikev2 connection as with machine certs as eap-mschapv2 do not work and
causes the same error:
*getting a local address in traffic selector 10.10.1.0/24
<http://10.10.1.0/24>[KNL] no local address found in traffic selector
10.10.1.0/24 <http://10.10.1.0/24>[IKE] CHILD_SA ikev2_machine_cert{1}
established with SPIs ce88164c_i f9267310_o and TS 10.10.1.0/24
<http://10.10.1.0/24> === 10.10.2.10/32 <http://10.10.2.10/32>[ENC]
generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS NBNS DNS NBNS)
SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ][NET] sending packet:
from 95.252.95.95[4500] to 5.18.98.53[4500] (1500 bytes)[DMN] signal of
type SIGINT received. Shutting down[IKE] queueing IKE_DELETE task[IKE]
activating new tasks[IKE] activating IKE_DELETE task*
My machine cert connection part:
conn ikev2_machine_cert
auto=add
esp=aes256-sha1
ike=aes256-sha1-modp1024
keyexchange=ikev2
left=95.252.95.95
leftsubnet=10.10.1.0/24
leftcert=/etc/ipsec.d/certs/server.crt
right=%any
rightsourceip=10.10.2.0/24
type=tunnel
conn ikev2_cert_eap-mschapv2
keyexchange=ikev2
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
dpdaction=clear
dpddelay=300s
rekey=no
left=95.252.95.95
leftsubnet=0.0.0.0/0
leftauth=pubkey
leftcert=/etc/ipsec.d/certs/server.crt
leftid=95.252.95.95
right=%any
rightauth=eap-mschapv2
rightsendcert=never
rightsourceip=10.10.3.10
eap_identity=%any
auto=add
type=tunnel
What is wrong and where is mistake ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141016/d4b59cdf/attachment.html>