[strongSwan] INTERNAL_ADDRESS_FAILURE on StrongSwan Windows Server

Ling Wyh lwyh at protonmail.ch
Thu Dec 20 17:37:04 CET 2018


Greetings,

I am working on installing StrongSwan 5.7.1 on Windows Server, based on the instructions at https://wiki.strongswan.org/projects/strongswan/wiki/Windows.

My swanctl.conf is as follows (identities anonymized):

connections {
    rw-eap {
        local {
            auth = pubkey
            certs = server.crt
            id = MY.DNS.NAME
        }
        remote {
            auth = eap-mschapv2
            eap_id = %any
        }
        children {
            net {
                esp_proposals = aes256-sha256,aes256-sha1,aes128-sha1
            }
        }
        pools = rw_pool
        version = 2
        send_certreq = no
        proposals = aes256-sha256-modp2048,aes256-sha256-modp1536,aes128-sha1-modp1024
    }
}
secrets {
    eap-xxxx {
        id = xxxx
        secret = yyyyyyyy
    }
}
pools {
    rw_pool {
        addrs = 10.9.0.0/24
    }
}

This produces an error INTERNAL_ADDRESS_FAILURE (identities anonymized):


09[IKE] authentication of 'xxxx' with EAP successful
09[IKE] authentication of 'MY.DNS.NAME' (myself) with EAP
09[IKE] IKE_SA rw-eap[4] established between 172.72.72.72[MY.DNS.NAME]...50.50.50.50[xxxx]
09[IKE] scheduling rekeying in 14359s
09[IKE] maximum IKE_SA lifetime 15799s
09[IKE] peer requested virtual IP %any
09[IKE] no virtual IP found for %any requested by 'xxxx'
09[IKE] peer requested virtual IP %any6
09[IKE] no virtual IP found for %any6 requested by 'xxxx'
09[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
09[IKE] configuration payload negotiation failed, no CHILD_SA built
09[IKE] failed to establish CHILD_SA, keeping IKE_SA
09[ENC] generating IKE_AUTH response 5 [ AUTH N(MOBIKE_SUP) N(ADD_6_ADDR) N(INT_ADDR_FAIL) ]
09[NET] sending packet: from 172.72.72.72[4500] to 50.50.50.50[44790] (160 bytes)
03[NET] received packet: from 50.50.50.50[44790] to 172.72.72.72[4500] (80 bytes)
03[ENC] parsed INFORMATIONAL request 6 [ D ]
03[IKE] received DELETE for IKE_SA rw-eap[4]
03[IKE] deleting IKE_SA rw-eap[4] between 172.72.72.72[MY.DNS.NAME]...50.50.50.50[xxxx]
03[IKE] IKE_SA deleted
03[ENC] generating INFORMATIONAL response 6 [ ]
03[NET] sending packet: from 172.72.72.72[4500] to 50.50.50.50[44790] (80 bytes)

Do you know what I need to correct to prevent this error?


Sent with ProtonMail Secure Email.
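
Added example, not part of the original post and not strongSwan code: a small Python triage of charon log lines like those quoted above, which separates the successful EAP authentication from the virtual IP assignment failure for each IKE_SA. The function name triage and the summary field names are assumptions of this example, and the sample input is constructed from the log in the post.

```python
import re

# Constructed sample: a subset of the charon log lines quoted in the post.
SAMPLE_LOG = """\
09[IKE] authentication of 'xxxx' with EAP successful
09[IKE] IKE_SA rw-eap[4] established between 172.72.72.72[MY.DNS.NAME]...50.50.50.50[xxxx]
09[IKE] peer requested virtual IP %any
09[IKE] no virtual IP found for %any requested by 'xxxx'
09[IKE] peer requested virtual IP %any6
09[IKE] no virtual IP found for %any6 requested by 'xxxx'
09[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
09[IKE] failed to establish CHILD_SA, keeping IKE_SA
03[IKE] received DELETE for IKE_SA rw-eap[4]
"""
LINE = re.compile(r"^(\d+)\[(\w+)\]\s+(.*)$")  # thread id, log group, message

def triage(log_text):
    """Summarise each IKE_SA: who authenticated and whether an address was assigned."""
    sas, by_thread, pending_auth = {}, {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tid, _group, msg = m.groups()
        if a := re.match(r"authentication of '([^']*)' with EAP successful", msg):
            pending_auth[tid] = a.group(1)  # SA name is not logged yet at this point
        elif e := re.match(r"IKE_SA (\S+) established between", msg):
            sa = {"sa": e.group(1), "peer_id": pending_auth.pop(tid, None),
                  "requested": [], "unassigned": [], "addr_failure": False,
                  "child_sa_failed": False, "peer_deleted": False}
            sas[sa["sa"]] = by_thread[tid] = sa
        elif d := re.match(r"received DELETE for IKE_SA (\S+)", msg):
            if d.group(1) in sas:  # DELETE may arrive on a different worker thread
                sas[d.group(1)]["peer_deleted"] = True
        elif tid in by_thread:
            sa = by_thread[tid]
            if r := re.match(r"peer requested virtual IP (\S+)", msg):
                sa["requested"].append(r.group(1))
            elif n := re.match(r"no virtual IP found for (\S+) requested by", msg):
                sa["unassigned"].append(n.group(1))
            elif "INTERNAL_ADDRESS_FAILURE" in msg:
                sa["addr_failure"] = True
            elif msg.startswith("failed to establish CHILD_SA"):
                sa["child_sa_failed"] = True
    return list(sas.values())

if __name__ == "__main__":
    for sa in triage(SAMPLE_LOG):
        print(sa)
```

A summary with a peer_id set, every requested address family also listed under unassigned, and addr_failure true points at address assignment on the responder rather than at authentication.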
