[strongSwan] Don't know where to start

[Noel Kuntze]

Hello René,

On 25.04.2017 12:42, Rene Maurer wrote:
> conn home
>     keyexchange=ikev2
>     ike=aes128-sha256-modp1024!
>     esp=aes128-sha256!
>     left=%config
"left=%config" doesn't make sense. %config is neither a known keyword nor a valid resolvable hostname.
If your routing table is sane and specifies the source IPs for the routes, you don't need to set this at all.

> ----------------------------------------------------------------------
> Apr 25 10:04:25 Metering daemon.info syslog: 10[CFG] added configuration 'home'
> Apr 25 10:04:25 Metering daemon.info syslog: 13[CFG] received stroke: route 'home'
> Apr 25 10:04:25 Metering daemon.info syslog: 17[LIB] resolving 'config' failed: Name or service not known
> Apr 25 10:04:25 Metering authpriv.info ipsec_starter[818]: 'home' routed
> ----------------------------------------------------------------------
>
> My first question: What does the following line mean?
> 17[LIB] resolving 'config' failed: Name or service not known
> Can it be ignored?

Explained above.

> Can anybody help me. I don't where to start to find the failure.
> I assume that IKE does not work?
Check if the packets arrive at the switch. Check the switch's log.
Make sure you use the right IKE version.
> Or is it the cert requests for an *unknown* ca?
No.

Kind regards,
Noel

-- 
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x0739AD6C.asc
Type: application/pgp-keys
Size: 5423 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170425/89bbe1aa/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170425/89bbe1aa/attachment.sig>