[strongSwan] Not Able to Connect

Andreas Steffen andreas.steffen at strongswan.org
Wed Mar 28 23:35:30 CEST 2018 

The connection setup gets now very far but finally fails because
the pools defined by

 pools = primary-pool-ipv4, primary-pool-ipv6

don't seem be defined (have you added a pools section in swanctl.conf?)
and therefore no virtual IP can be allocated to the initiator

Wed, 2018-03-28 08:31 15[IKE] <ikev2-pubkey|1>
  peer requested virtual IP %any
  no virtual IP found for %any requested by 'C=US, O=Quantum
CN=aries.darkmatter.org'
  peer requested virtual IP %any6
  no virtual IP found for %any6 requested by 'C=US, O=Quantum
CN=aries.darkmatter.org'
  no virtual IP found, sending INTERNAL_ADDRESS_FAILURE

Regards

Andreas

On 28.03.2018 17:37, Info wrote:
> I have no way of interpreting the syntax of these proposals as there's
> no definitive description.  Maybe '-' separates different options in a
> category and ',' separates categories?  But it also doesn't explain
> "classic and combined-mode algos" nor not to mix them.  I can't know
> these things by instinct.
> 
> Something else is wrong with the example.  I copied it -exactly- (except
> I used your esp_proposals), and the error log is attached.
> 
> 
> 
> On 03/28/2018 02:21 AM, Andreas Steffen wrote:
>> Hi,
>>
>> as your log explicitly says:
>>
>>> Tue, 2018-03-27 15:13 15[CFG] classic and combined-mode (AEAD)
>>> encryption algorithms can't be contained in the same IKE proposal
>> Thus instead of
>>
>> esp_proposals =
>>> aes192gcm16-aes128gcm16-aes192-ecp256,aes192-sha256-modp3072,default
>> you must define
>>
>> esp_proposals =
>>   aes192gcm16-aes128gcm16-ecp256,aes192-sha256-ecp256-modp3072,default
>>
>> Regards
>>
>> Andreas
>>
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2945 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180328/11b1082d/attachment.bin>

More information about the Users mailing list