[strongSwan] upgrade from 4.5.2 to 5.2.1 breaks phase 2 authentication
Tobias Brunner
tobias at strongswan.org
Wed Jul 11 11:40:28 CEST 2018
> Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify
> payload[ATTRIBUTES-NOT-SUPPORTED]
> Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] ERROR: mismatched ID was returned.
I suppose this means it doesn't like the returned subnets. So check
your left|rightsubnet settings for this connection. On both sides,
because this looks a bit strange:
> Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Using IPsec SA configuration:
> 192.168.11.1/24<->192.168.100.1/24
.1/24 is technically the same as .0/24 but perhaps this box wants an
exact match, which strongSwan won't provide.
Regards,
Tobias
More information about the Users
mailing list