[strongSwan] Can't connect to Strongswan

Tobias Brunner tobias at strongswan.org
Wed Jul 18 15:30:20 CEST 2018


Hi Alexander,

> Interestingly enough, there are different error messages. When connecting with Linux, the key parts of the log seem to be:
> 
> Jul 18 15:05:56 below charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V ]
> Jul 18 15:05:56 below charon: 07[CFG] looking for an ike config for 46.4.163.72...80.152.52.195
> Jul 18 15:05:56 below charon: 07[IKE] no IKE config found for 46.4.163.72...80.152.52.195, sending NO_PROPOSAL_CHOSEN
> Jul 18 15:05:56 below charon: 07[ENC] generating INFORMATIONAL_V1 request 1522692232 [ N(NO_PROP) ]

Fix your config.  Either the IKE version or IPs don't match whatever you
configured (increase the log level for cfg to 2 or 3 for details).

> When connecting with macOS, I don’t even see where the process is failing. There is a good deal of communication, and finally
> 
> Jul 18 15:01:35 below charon: 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
> Jul 18 15:01:35 below charon: 08[IKE] peer supports MOBIKE
> Jul 18 15:01:35 below charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

That's not the important part, which is:

> Jul 18 15:01:35 below charon: 08[CFG] selected peer config 'IKEv2'
> Jul 18 15:01:35 below charon: 08[IKE] peer requested EAP, config inacceptable
> Jul 18 15:01:35 below charon: 08[CFG] no alternative config found

The client wants to use EAP authentication, but the server is apparently
not configured for it.  So again, fix your config (client or server, but
they have to agree on how to authenticate each other).

Also, see [1].

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests


More information about the Users mailing list