[strongSwan] ipsec connection fails: no matching peer config found
Michael Schwartzkopff
ms at sys4.de
Thu Oct 17 19:01:59 CEST 2019
Hi,
I have a problem with one specific ipsec client. It cannot connect. The
logs on the server side say:
Oct 17 18:50:15 muc charon: 11[CFG] <111> looking for peer configs
matching 192.168.178.8[muc.XXX.de]...46.81.179.210[ms at XXX.de]
Oct 17 18:50:15 muc charon: 11[CFG] <111> no matching peer config found
The status command on the server side says:
Connections:
con-mobile: 192.168.178.8...%any IKEv2, dpddelay=10s
con-mobile: local: [muc.XXX.de] uses public key authentication
con-mobile: cert: "CN=muc.XXX.de"
con-mobile: remote: [*@XXX.de] uses EAP_RADIUS authentication with
EAP identity '%any'
So why does the server have a problem to identify the new incomming
connection?
The server side logs for another (working) client look like:
Oct 17 18:57:17 muc charon: 12[CFG] <115> looking for peer configs
matching 192.168.178.8[%any]...109.41.194.144[ms at XXX.de]
Oct 17 18:57:17 muc charon: 12[CFG] <con-mobile|115> selected peer
config 'con-mobile'
Server: strongswan on pfsense (FreeBSD strongSwan U5.7.1/K11.2-RELEASE-p10)
non-working client: strongswan on linux (Linux strongSwan
U5.8.1/K5.3.6-arch1-1-ARCH)
working client: strongswan on android. (2.2.0)
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the Users
mailing list