On Tue, 07 Aug 2012 12:04:25 +0100, John Connett <[email protected]> wrote:
> On Mon, 06 Aug 2012 11:55:02 +0100, John Connett > <[email protected]> wrote: >> On Fri, 03 Aug 2012 10:14:01 +0100, Martin Willi <[email protected]> >> wrote: >>>> > 10[CFG] <2> looking for pre-shared key peer configs matching >>>> > 192.168.199.10...168.63.60.212[10.4.1.4] >>>> > 10[IKE] <2> no peer config found >>>> >>>> Is this an artifact of the charon / pluto merge in strongSwan 5? Or >>>> is >>>> "keyexchange=ikev2" not sufficient to cause IKEv2 to be used? >>> >>> The keyexchange parameter is connection specific, so your connection >>> will use IKEv2. >>> >>> Your peer, however, seems to initiate with IKEv1. You don't have a >>> matching connection for IKEv1, hence the negotiation fails with "no >>> peer >>> config found". >>> >> I have added: >> keyexchange=ikev1 >> so both initiator and responder should now be using IKEv1. > [text removed] >> Will continue to investigate ... > > I have rebuilt strongswan-5.0.0 without "-O2" in CFLAGS and have > attached gdb to charon as described in > http://wiki.strongswan.org/issues/198. > > On entry to the select_config function in libcharon/sa/ikev1/phase1.c > this->peer_cfg is NULL (so there is no attempt to find an alternative > config). > > The body of the while loop over the enumerator is not entered. > > This is consistent with the logging messages seen. > > What I need to do to ensure that a suitable peer config is available? Increased logging to "cfg=3" in strongswan.conf and obtained the following: 16[CFG] <2> looking for pre-shared key peer configs matching 192.168.199.10...168.63.60.212[10.4.1.5] 16[CFG] <2> peer config match local: 1 (ID_ANY) 16[CFG] <2> peer config match remote: 0 (ID_IPV4_ADDR -> 0a:04:01:05) 16[CFG] <2> ike config match: 12 (192.168.199.10 168.63.60.212) 16[IKE] <2> no peer config found So 10.4.1.5 is ID_MATCH_NONE (0) ... Unfortunately, I don't think the remote private IP address is fixed, just chosen from 10.4.1.0/24. Any help? -- John Connett _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
