[strongSwan] ipsec connection fails: no matching peer config found

Michael Schwartzkopff ms at sys4.de
Thu Oct 17 19:01:59 CEST 2019


I have a problem with one specific ipsec client. It cannot connect. The
logs on the server side say:

Oct 17 18:50:15 muc charon: 11[CFG] <111> looking for peer configs
matching[muc.XXX.de]...[ms at XXX.de]
Oct 17 18:50:15 muc charon: 11[CFG] <111> no matching peer config found

The status command on the server side says:

  con-mobile:  IKEv2, dpddelay=10s
  con-mobile:   local:  [muc.XXX.de] uses public key authentication
  con-mobile:    cert:  "CN=muc.XXX.de"
  con-mobile:   remote: [*@XXX.de] uses EAP_RADIUS authentication with
EAP identity '%any'

So why does the server have a problem to identify the new incomming

The server side logs for another (working) client look like:

Oct 17 18:57:17 muc charon: 12[CFG] <115> looking for peer configs
matching[%any]...[ms at XXX.de]
Oct 17 18:57:17 muc charon: 12[CFG] <con-mobile|115> selected peer
config 'con-mobile'

Server: strongswan on pfsense (FreeBSD strongSwan U5.7.1/K11.2-RELEASE-p10)

non-working client: strongswan on linux (Linux strongSwan

working client: strongswan on android. (2.2.0)

Mit freundlichen Grüßen,


[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

More information about the Users mailing list