[strongSwan] Configuration help request
ramyalexis at gmail.com
Thu Apr 7 21:37:07 CEST 2022
Got another question, Tobias, if you do not mind.
Got the same error as was in the thread: IPSec route based VPN - VTI
interface TX Errors NoRoute
So basically the tunnel is up. I use mark_in=mark_out=10 in VTI interface
(linux kernel is 3.10 so no modern interface)
The traffic looks like this:
From tunnel remote - they are coming:
net-net: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-192/HMAC_SHA1_96
installed 1608s ago, rekeying in 78953s, expires in 93432s
in ca18b546 (0x0000000a), 672 bytes, 8 packets
out 482a8752 (0x0000000a), 0 bytes, 0 packets
Not sure where they go next.
From local they are NoRoute - outgoing and no incoming
ip -s tunnel show
vti0: ip/ip remote 10.255.255.25 local 10.255.255.26 ttl inherit key 10
RX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts
0 0 0 0 0 0
TX: Packets Bytes Errors DeadLoop NoRoute NoBufs
0 0 33 0 33 0
Route is simple - just the route for VTI interfaces itself
10.255.255.24/30 dev vti0 scope link
If I ping - the counter just increases and I get Destination unreachable as
in the guide I tried to follow:
I also consulted the examples again here
and did not find any config statement I am missing in my configuration.
What direction should I dig in?
Thu, 7 Apr 2022 at 16:17, Tobias Brunner <tobias at strongswan.org>:
> Hi Alexey,
> > 07[CFG] looking for peer configs matching
> > x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
> > 07[CFG] no matching peer config found
> > 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> > 07[NET] sending packet: from x.x.x.x to y.y.y.y (80 bytes)
> > And the question is: why no matching peer found as peers and key is in
> > place?
> The peer proposes the IP addresses as identities (it's what you see
> in the "looking for peer configs matching ..." log message), which
> clearly don't match "key" (whatever that is exactly). So just remove
> those `id = key` lines (the default identities are the IP addresses) and
> associate the secret with y.y.y.y (i.e. set `id-1 = y.y.y.y` there).