[strongSwan] FritzBox to Strongswan

post at daniel-pomrehn.de post at daniel-pomrehn.de
Thu Nov 24 13:23:28 CET 2016


Hi!

I'm trying to connect a FritzBox to a Strongswan Linux Server.
But I get the following error on the strongSwan side: "no IKE config found for
138.201.84.186...77.11.69.219, sending NO_PROPOSAL_CHOSEN"

That's my strongswan configuration in ipsec.conf:
# ipsec.conf    strongSwan IPsec configuration

# Global daemon settings (apply to all connections).
config setup
         # uniqueids=no: the daemon does not enforce a single IKE SA per peer
         # identity. NOTE(review): per the strongSwan ipsec.conf documentation
         # an INITIAL_CONTACT notify is still honoured in this mode - confirm
         # for the installed version.
         uniqueids=no

# Defaults inherited by every conn section below unless the conn overrides them.
conn %default
         # IKE (phase 1) proposal: AES-256, SHA-1 ("sha"), DH group modp1024.
         # The trailing "!" makes the proposal strict: only this suite is
         # offered/accepted. NOTE(review): a 1024-bit MODP group and SHA-1 are
         # weak by current standards; if the peer supports it, prefer a larger
         # group (e.g. modp2048) and a SHA-2 hash.
         ike=aes256-sha-modp1024!
         # ESP (phase 2) proposal: AES-256 with SHA-1, no "!" so it is not strict.
         esp=aes256-sha1
         # IKE SA lifetime, ESP SA lifetime, and how long before expiry
         # rekeying is started.
         ikelifetime=60m
         keylife=20m
         rekeymargin=3m
         # Only one negotiation attempt before giving up.
         keyingtries=1
         # Default to IKEv1; conn fritz2swan below overrides this value.
         keyexchange=ikev1

# Site-to-site tunnel: strongSwan server (left) <-> FritzBox (right), PSK auth.
# NOTE(review): the reported error "no IKE config found for <local>...<remote>"
# means no conn matched the two IKE endpoint addresses; it is raised before any
# proposal comparison. Likely causes visible here: "right" is a dynamic hostname
# that may not resolve to the address the FritzBox actually connects from, and
# "left" must resolve to the address the request arrived on. Confirm with the
# daemon log.
conn fritz2swan
         # Re-states the %default suite but WITHOUT the strict "!" flag, so this
         # conn is no longer limited to the single listed proposal.
         ike=aes256-sha-modp1024
         esp=aes256-sha1
         # Peer is a dynamic-DNS name. NOTE(review): for a peer with a changing
         # address, right=%any (or the "%hostname" form, which accepts any
         # source address when responding) is the usual choice - verify against
         # the ipsec.conf man page of the installed version.
         right=dyn.fritzbox
         # "@" marks the ID as an FQDN; matches localid.fqdn on the FritzBox.
         rightid=@dyn.fritzbox
         rightsubnet=192.168.1.0/24
         left=srv.strongswan
         # NOTE(review): no leftid is set, so the local ID presumably defaults
         # to the address of "left", while the FritzBox expects the FQDN
         # srv.strongswan as remoteid. leftid=@srv.strongswan would make the
         # two sides agree - confirm.
         leftsubnet=192.168.50.0/24
         # Pre-shared key authentication; the key itself lives in ipsec.secrets
         # and must be selectable for this peer's ID/address.
         authby=secret
         # Plain numbers are seconds: both lifetimes are one hour here and
         # override the 60m/20m values from %default.
         ikelifetime=3600
         keylife=3600
         # Overrides keyexchange=ikev1 from %default. NOTE(review): in
         # strongSwan 5.x "ike" accepts either IKE version as responder; on
         # older releases the meaning differs - pin ikev1 explicitly if the
         # FritzBox only speaks IKEv1.
         keyexchange=ike
         # Load the conn and wait for the peer to initiate.
         auto=add

For the FritzBox I used this configuration:
/*
 * FritzBox side of the LAN-to-LAN tunnel towards srv.strongswan.
 *
 * Review notes (comments only, settings below are unchanged):
 * - key: this pre-shared key has been posted to a public mailing list and
 *   must be treated as compromised. Replace it on both peers with a long,
 *   randomly generated secret before the tunnel goes into use.
 * - localid.fqdn = "dyn.fritzbox" matches rightid=@dyn.fritzbox on the
 *   strongSwan side. remoteid.fqdn is srv.strongswan (written without
 *   quotes here, unlike localid - confirm the parser accepts that); the
 *   strongSwan side has to present that same FQDN as its own ID.
 * - mode = phase1_mode_idp: presumably IKEv1 main mode (identity
 *   protection) - TODO confirm against AVM documentation.
 * - phase1ss = "all/all/all" and phase2ss select AVM-defined proposal sets.
 *   Their exact contents are not visible here; they must overlap with the
 *   ike=/esp= lines on the strongSwan side.
 * - phase2remoteid uses ipaddr 192.168.50.1 with a /24 mask, whereas the
 *   accesslist and strongSwan's leftsubnet use the network address
 *   192.168.50.0. Using 192.168.50.0 here keeps the phase 2 selectors
 *   identical on both peers - verify.
 * - ike_forward_rules forwards UDP 500 (IKE) and UDP 4500 (NAT-T), which
 *   fits use_nat_t = yes.
 */
vpncfg {
     connections {
         enabled = yes;
         conn_type = conntype_lan;
         name = "srv.strongswan";
         always_renew = yes;
         reject_not_encrypted = no;
         dont_filter_netbios = yes;
         localip = 0.0.0.0;
         local_virtualip = 0.0.0.0;
         remoteip = 0.0.0.0;
         remote_virtualip = 0.0.0.0;
         remotehostname = srv.strongswan;
         localid {
             fqdn = "dyn.fritzbox";
         }
         remoteid {
             fqdn = srv.strongswan;
         }
         mode = phase1_mode_idp;
         phase1ss = "all/all/all";
         keytype = connkeytype_pre_shared;
         key = "8dfd88E05x92ecab";
         cert_do_server_auth = no;
         use_nat_t = yes;
         use_xauth = no;
         use_cfgmode = no;
         phase2localid {
             ipnet {
                 ipaddr = 192.168.1.0;
                 mask = 255.255.255.0;
             }
         }
         phase2remoteid {
             ipnet {
                 ipaddr = 192.168.50.1;
                 mask = 255.255.255.0;
             }
         }
         phase2ss = "esp-all-all/ah-all/comp-all/pfs";
         accesslist = "permit ip any 192.168.50.0 255.255.255.0";
     }
     ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                         "udp 0.0.0.0:4500 0.0.0.0:4500";
}


Can someone tell me what I am doing wrong?
Thank you very much in advance!

Best regards
Daniel

