[strongSwan] Configuration help request

Tobias Brunner tobias at strongswan.org
Thu Apr 7 15:17:02 CEST 2022


Hi Alexey,

> 07[CFG] looking for peer configs matching 
> x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> 07[CFG] no matching peer config found
> 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> 07[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (80 bytes)
> 
> And the question is: why no matching peer found as peers and key is in 
> place?

The peer proposes the IP addresses as identities (it's what you see in 
[] in the "looking for peer configs matching ..." log message), which 
clearly don't match "key" (whatever that is exactly).  So just remove 
those `id = key` lines (the default identities are the IP addresses) and 
associate the secret with y.y.y.y (i.e. set `id-1 = y.y.y.y` there).

Regards,
Tobias


More information about the Users mailing list