[strongSwan] Using StrongSwan for IPSec VPN on CentOS 7 - no matching peer config found.
jvpn at use.startmail.com
Mon Jan 4 04:25:33 CET 2016
Update: after enabling more verbosity on the CFG channel I see that
peer config match local: 0 (ID_FQDN -> ....)
How do I find out what the local ID_FQDN is that charon is trying to compare?
I tried several options like the IP address, the FQDN from the certificate, and the string
'C=CH, O=fqdn-ca, CN=fqdn' (without quotes) taken from the log message
strongswan: 08[CFG] id 'fqdn' not confirmed by certificate, defaulting to 'C=CH, O=fqdn-ca, CN=fqdn'
On 01/03/2016 07:10 PM, Josh wrote:
> I am trying to move a working strongswan eap-tls configuration from
> pfsense to CentOS 7.
> Started from
> removed all entries except for config, conn %default and conn
> IpsecIKEv2, adjusting conn IpsecIKEv2 to the following
> conn IpsecIKEv2
> pfsense working ipsec.conf looks like
> cat ipsec.conf
> # This file is automatically generated. Do not edit
> config setup
>     uniqueids = yes
> conn con1
>     fragmentation = yes
>     keyexchange = ikev2
>     reauth = yes
>     forceencaps = no
>     mobike = no
>     rekey = yes
>     installpolicy = yes
>     type = tunnel
>     dpdaction = clear
>     dpddelay = 10s
>     dpdtimeout = 60s
>     auto = add
>     left = nnn.nnn.nnn.nnn
>     right = %any
>     leftid = fqdn:pfsense.org.name
>     ikelifetime = 28800s
>     lifetime = 3600s
>     rightsourceip = 192.168.142.0/24
>     ike = 3des-sha1-modp1024!
>     esp =
>     rightca="/C=US/ST=FL/L=City/O=Org_Inc/emailAddress=ca at Org.name/CN=Org-internal-ca/"
>     leftsubnet = 0.0.0.0/0
> pfsense configuration was created by consulting
> pfsense configuration works with both modes.
> but on CentOS, (even when I copy ipsec.conf from pfsense, adjusting IP
> and certificate, as a whole)
> Jan 3 18:15:14 hostname charon: 07[CFG] looking for peer configs
> matching nnn.nnn.nnn.nnn[server_name]...nnn.nnn.nnn.nnn[client_name]
> Jan 3 18:15:14 hostname charon: 07[CFG] no matching peer config found
> where server_name is CN from server certificate and client_name - from
> Is there a working configuration for connecting iOS 9.x to CentOS
> strongswan already described somewhere?
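Added example (not part of the original thread, and not strongSwan code): a simplified Python model of the two checks behind the log lines above. Per the ipsec.conf documentation, a leftid used with a certificate must match the subject DN or a subjectAltName, otherwise the subject DN is used; the IDr sent by the client is then compared with that identity. The function names and the `vpn.example.org` values are assumptions constructed for illustration.

```python
import ipaddress

# Simplified model (an assumption, not strongSwan source). DNs are compared
# as plain strings here; wildcards and %any are left out.

def classify(identity):
    """Map an ipsec.conf-style identity string to (IKE ID type, value)."""
    if identity.startswith("fqdn:"):
        return ("ID_FQDN", identity[5:].lower())
    if identity.startswith("@"):            # "@name" is an FQDN in ipsec.conf
        return ("ID_FQDN", identity[1:].lower())
    if "=" in identity:
        return ("ID_DER_ASN1_DN", identity)
    if "@" in identity:
        return ("ID_RFC822_ADDR", identity.lower())
    try:
        ipaddress.IPv4Address(identity)
        return ("ID_IPV4_ADDR", identity)
    except ValueError:
        return ("ID_FQDN", identity.lower())

def effective_local_id(leftid, subject_dn, sans):
    """Identity the server ends up with once leftid is checked against the cert."""
    wanted = classify(leftid)
    confirmed = {("ID_DER_ASN1_DN", subject_dn)} | {classify(s) for s in sans}
    if wanted in confirmed:
        return wanted
    # Corresponds to: "id '...' not confirmed by certificate, defaulting to '<DN>'"
    return ("ID_DER_ASN1_DN", subject_dn)

def config_matches(peer_idr, local_id):
    """True if the IDr sent by the client selects this config (no IDr: any)."""
    return peer_idr is None or classify(peer_idr) == local_id

# Constructed sample certificate data, not taken from the thread.
DN = "C=CH, O=example-ca, CN=vpn.example.org"

def demo():
    no_san = effective_local_id("vpn.example.org", DN, sans=[])
    with_san = effective_local_id("vpn.example.org", DN, sans=["vpn.example.org"])
    return {
        "no_san_local_id": no_san,
        "no_san_match": config_matches("vpn.example.org", no_san),
        "with_san_match": config_matches("vpn.example.org", with_san),
        "dn_as_remote_id": config_matches(DN, no_san),
    }
```

In this model, a certificate without a matching subjectAltName leaves the server with a DN identity, so a client that sends the hostname as an ID_FQDN finds no matching config.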