[strongSwan] no matching CHILD_SA config found
Tobias Brunner
tobias at strongswan.org
Wed Apr 20 18:25:59 CEST 2016
Hi,
> After changing the log level with command:
> ipsec stroke loglevel cfg 2
>
> The result is attached. In green in the VPS IP and in red my public wan
> IP (the public IP of my draytek).
Did you even read the log yourself? It states:
looking for a child config for 0.0.0.0/0 === <Public WAN>/32
proposing traffic selectors for us:
0.0.0.0/0
proposing traffic selectors for other:
192.168.1.0/24
Here is again what I wrote previously:
>> Most likely your traffic selectors don't match, so you might have to
>> change left|rightsubnet accordingly (if you don't set them they default
>> to left|right).
Please study the documentation for the left|rightsubnet settings and fix
your config, or if your config is actually correct, i.e. the remote
traffic selector should be 192.168.1.0/24, then fix the Draytek's config
and make it propose that subnet instead of its public IP.
Regards,
Tobias
More information about the Users
mailing list