[strongSwan] no matching peer config found

Tobias Brunner tobias at strongswan.org
Wed May 2 09:55:03 CEST 2018

Hi Christian,

> I am trying to re-use settings so that just the certificate is different
> (vpnserver uses ECDSA, vpnserver1 uses RSA), which according to the help
> page [1] should be possible:

No, that's not how this works.  What you actually define by adding a
second local* section is a second local authentication round.  That is,
you instruct the server to authenticate itself to the client twice, once
with ID vpnserver and a second time with ID vpnserver1.  However, that
requires a matching config on the client (and support for RFC 4739), so
this won't work with clients other than strongSwan and only if
configured manually.

If you want to reuse settings, define the shared settings in a separate
file and then include that file in the connection sections and override
the settings that are different.
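
A sketch of the include-and-override layout described above, added here as an illustration and not taken from the original message or the strongSwan project. The file names, certificate names, proposal and traffic selector are constructed placeholders; only the IDs vpnserver and vpnserver1 come from the thread.

```conf
# ---- File 1: /etc/swanctl/shared/rw-common.conf (hypothetical path) ----
# Settings shared by both connections. Keep this file outside any directory
# that swanctl.conf pulls in with a top-level glob include, otherwise its
# contents would also be loaded outside of a connection section.
version = 2
proposals = aes256-sha256-ecp256      # constructed sample value
remote {
    auth = pubkey
}
children {
    net {
        local_ts = 10.0.0.0/24        # constructed sample value
    }
}

# ---- File 2: /etc/swanctl/swanctl.conf ----
# Relative include paths are resolved against the directory of the file
# that contains the include statement.
connections {
    rw-ecdsa {
        include shared/rw-common.conf
        # One local section means one local authentication round.
        local {
            auth = pubkey
            certs = vpnserver-ecdsa.pem    # placeholder certificate file
            id = vpnserver
        }
    }
    rw-rsa {
        include shared/rw-common.conf
        # Override only what differs from the ECDSA connection.
        local {
            auth = pubkey
            certs = vpnserver1-rsa.pem     # placeholder certificate file
            id = vpnserver1
        }
    }
}
```

Each connection carries a single local section, so neither one asks for the second authentication round that RFC 4739 support on the client would be needed for.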