[strongSwan] VPN with preshared Key between BB10 and Raspberry-Pi
Christian Klugesherz
christian.klugesherz at gmail.com
Mon Jul 18 10:58:39 CEST 2016
Hi Tobias,
Thank you for your prompt answer.
As highlighted in the same topic : rightauth=eap-mschapv2 (See below)
I will test this evening by adding eap_identity=%any, and will revert to you.
Please let me know if you should observe a typo in my config, which
should not fulfill strongSwan's recommendation
Many thanks
Regards
Christian
# /etc/ipsec.conf - strongSwan IPsec configuration file
# https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection
config setup
# https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
authby=secret
# https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
conn BB10
leftid=@ckl.freeboxos.fr
left=%defaultroute
leftfirewall=yes
#leftsubnet=0.0.0.0/0
leftsubnet=192.168.1.0/24
right=%any
rightsourceip=10.0.0.0/16
rightdns=192.168.1.254
rightauth=eap-mschapv2
rightsendcert=never
auto=add
2016-07-18 9:47 GMT+02:00 Tobias Brunner <tobias at strongswan.org>:
> Hi Christian,
>
>> 16[CFG] looking for peer configs matching
>> 192.168.1.29[%any]...80.12.51.163[alice]
>> 16[CFG] selected peer config 'BB10'
>> 16[IKE] peer requested EAP, config inacceptable
>> 16[CFG] no alternative config found
>
> Sounds like the authentication settings of your config are wrong. Do
> you still have rightauth=eap-mschapv2? And perhaps also eap_identity=%any?
>
> Regards,
> Tobias
>
More information about the Users
mailing list