[strongSwan] constraint check failed on different auth methods of sides
Volodymyr Litovka
doka.ua at gmx.com
Tue Oct 13 15:46:26 CEST 2020
Hi colleagues,

the question is for those who remember the history of changes in strongSwan :-)

I'm using exactly the same configuration on two OpenWrt devices (one
equipped with 5.8.2, the other with 5.6.2), and while it works with the
latter, it doesn't with the old one. The configuration is below; the message is:

15[CFG] <rc|28> constraint requires pre-shared key authentication, but public key was used
15[CFG] <rc|28> selected peer config 'rc' inacceptable: constraint checking failed

when I'm trying to use different auth methods on both sides: PSK on the left
side and pubkey on the right side. Was this functionality - different methods
of mutual authentication - introduced somewhere between 5.6.2
and 5.8.2?

The client's configuration (which, again, works with 5.8.2 and doesn't with
5.6.2) is:

conn rc
    keyexchange = ikev2
    [ ... ]
    # we are
    left = %defaultroute
    leftauth = psk
    leftid = gagarin
    leftsubnet = 0.0.0.0/0
    leftupdown = /etc/ipsec.updown
    # server
    right = x.x.x.x
    rightauth = pubkey
    rightid = f.q.d.n
    rightsubnet = 0.0.0.0/0

Thank you
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison