[strongSwan] Fwd: Re: FritzBox to Strongswan

Mirko Parthey mirko.parthey at web.de
Fri Nov 25 16:51:53 CET 2016


On Fri, Nov 25, 2016 at 02:55:17PM +0100, post at daniel-pomrehn.de wrote:
> Using your advice for configuration I am back at my first error:
> Nov 25 14:53:25 srv charon: 08[CFG] ike config match: 0 (138.201.84.186
> 93.129.48.108 IKEv1)
> Nov 25 14:53:25 srv charon: 08[IKE] no IKE config found for
> 138.201.84.186...93.129.48.108, sending NO_PROPOSAL_CHOSEN

> I tried to use keyexchange=ike, keyexchange=ikev1, keyexchange=ikev2 in
> configuration.

The FritzBox only supports IKEv1.

> But the message still appears.

Please approach this in a more systematic way.
Revert all config changes and then apply them step by step to find out
which change caused the problem.  I suspect it is the removal of "right=".

Since you are using "auto=add", the connection is not started on demand
from the strongSwan end anyway, and you can avoid starting it manually.
Add back the "right=" option if its removal was the cause of the error.

If you need further assistance with this particular issue, please post
the output of "ipsec statusall".

> >With strongSwan as the initiator and FritzBox as the responder, only
> >aggressive mode will work reliably.

It occurred to me that I only tested this with dynamic IP addresses on
both ends. Does your strongSwan server have a static IP address? In this
case, it might be worth trying to make strongSwan work as an initiator
with Main Mode, but first things first.

Regards
Mirko

