[strongSwan] FritzBox to Strongswan
post at daniel-pomrehn.de
post at daniel-pomrehn.de
Thu Nov 24 13:23:28 CET 2016
Hi!
I'm trying to connect a FritzBox to a Strongswan Linux Server.
But I get the following error: no IKE config found for
138.201.84.186...77.11.69.219, sending NO_PROPOSAL_CHOSE
That's my strongswan configuration in ipsec.conf:
# ipsec.conf strongSwan IPsec configuration
config setup
uniqueids=no
conn %default
ike=aes256-sha-modp1024!
esp=aes256-sha1
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
conn fritz2swan
ike=aes256-sha-modp1024
esp=aes256-sha1
right=dyn.fritzbox
rightid=@dyn.fritzbox
rightsubnet=192.168.1.0/24
left=srv.strongswan
leftsubnet=192.168.50.0/24
authby=secret
ikelifetime=3600
keylife=3600
keyexchange=ike
auto=add
For the FritzBox I used this configuration:
vpncfg {
connections {
enabled = yes;
conn_type = conntype_lan;
name = "srv.strongswan";
always_renew = yes;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 0.0.0.0;
remotehostname = srv.strongswan;
localid {
fqdn = "dyn.fritzbox";
}
remoteid {
fqdn = srv.strongswan;
}
mode = phase1_mode_idp;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "8dfd88E05x92ecab";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.1.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipnet {
ipaddr = 192.168.50.1;
mask = 255.255.255.0;
}
}
phase2ss = "esp-all-all/ah-all/comp-all/pfs";
accesslist = "permit ip any 192.168.50.0 255.255.255.0";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
Can someone tell me, what I am doing wrong?
Thank you very much in advance!
Best regards
Daniel
More information about the Users
mailing list