Just to report back: Problem "no IKE config found" solved after configuring IKEv1 for the client.
Lars On Sat, 23 Feb 2013 17:42:41 +0100, Larsen <[email protected]> wrote: > I knew it would be that simple =/ > Wouldn´t have thought that all three only speak IKEv1. > > Thanks a lot! I will test this the next days. > > > Lars > > > > On Sat, 23 Feb 2013 17:07:54 +0100, Andreas Steffen > <[email protected]> wrote: > >> Hi Lars, >> >> The Shrew, iphone and GreenBow clients speak IKEv1 only. Therefore >> you have to configure either >> >> keyexchange=ikev1 >> >> for IKEv1 only or >> >> keyexchange=ike >> >> for IKEv1 and IKEv2 support. >> >> Regards >> >> Andreas >> >> On 23.02.2013 16:38, Larsen wrote: >>> I am still totally stuck on this. Still get the error "no IKE config >>> found" with multiple clients. >>> Any help would be greatly appreciated! >>> >>> >>> Lars >>> >>> >>> On Thu, 14 Feb 2013 13:23:43 +0100, Larsen <[email protected]> wrote: >>> >>>> Hi, >>>> >>>> I am new to IPsec and trying to get a roadwarrior connection from a >>>> Windows XP box to work, but I only get the error "no IKE config >>>> found". >>>> >>>> I have tried many different settings and looked into even more search >>>> results without luck. >>>> VPN server is strongSwan 5.0.2 on an IPfire 2.13 rc2 where I have >>>> configured all the certificates via GUI. >>>> The user certificate is loaded in the ShrewSoft VPN client. >>>> Out of nescience I simply used the default values where I didn´t >>>> understand something. >>>> >>>> For my ipsec.conf see http://pastebin.com/3XV1S5AK >>>> >>>> # cat /var/ipfire/vpn/ipsec.secrets >>>> include /etc/ipsec.user.secrets >>>> : RSA /var/ipfire/certs/hostkey.pem >>>> >>>> ipsec.user.conf and ipsec.user.secrets are empty beside some comments. >>>> >>>> >>>> On startup of the VPN server I get this warning/error and don´t know >>>> if >>>> that is a problem or can be safely ignored: >>>> >>>> Feb 11 16:27:03 atl-ipfire charon: 08[CFG] invalid subnet: vhost:%no, >>>> skipped >>>> Feb 11 16:27:03 atl-ipfire charon: 08[CFG] invalid subnet: %priv, >>>> skipped >>>> >>>> >>>> Screenshots of my ShrewSoft Client configuration: >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120503_zpscfa99a6c.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120510_zps2b31d8c2.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120513_zps24759140.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120514_zps020b99c2.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120518_zps689e7a6f.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120519_zpsdcbf1bb4.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120521_zpsb50b961a.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120524_zps2e568ced.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120526_zps2b7573b4.png >>>> http://photobucket.com/albums/a587/larsen17/capture_20130214_120529_zps1468d09d.png >>>> >>>> Also tried it with the following instead of "auto": >>>> dh: group 2 >>>> cipher: 3des >>>> hash: sha1 >>>> >>>> >>>> >>>> When I try to connect, I get the error "no IKE config" in >>>> "/var/log/messages": >>>> >>>> Feb 14 11:03:02 atl-ipfire charon: 10[NET] received packet: from >>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] >>>> Feb 14 11:03:02 atl-ipfire charon: 10[NET] waiting for data on sockets >>>> Feb 14 11:03:02 atl-ipfire charon: 05[MGR] checkout IKE_SA by message >>>> Feb 14 11:03:02 atl-ipfire charon: 05[MGR] created IKE_SA (unnamed)[2] >>>> Feb 14 11:03:03 atl-ipfire charon: 05[NET] received packet: from >>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (3080 bytes) >>>> Feb 14 11:03:03 atl-ipfire charon: 05[IKE] no IKE config found for >>>> xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx, sending NO_PROPOSAL_CHOSEN >>>> Feb 14 11:03:03 atl-ipfire charon: 05[NET] sending packet: from >>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (40 bytes) >>>> Feb 14 11:03:03 atl-ipfire charon: 06[NET] sending packet: from >>>> xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] >>>> Feb 14 11:03:03 atl-ipfire charon: 05[MGR] checkin and destroy IKE_SA >>>> (unnamed)[2] >>>> Feb 14 11:03:03 atl-ipfire charon: 05[IKE] IKE_SA (unnamed)[2] state >>>> change: CREATED => DESTROYING >>>> Feb 14 11:03:03 atl-ipfire charon: 05[MGR] check-in and destroy of >>>> IKE_SA >>>> successful >>>> >>>> I get the same error when I try to connect with an iPhone or the >>>> GreenBow >>>> VPN client, so I guess there must be something wrong on the server >>>> side. >>>> >>>> >>>> How can I fix this? What else can I test? >>>> >>>> >>>> Lars >>>> >> ====================================================================== >> Andreas Steffen [email protected] >> strongSwan - the Linux VPN Solution! www.strongswan.org >> Institute for Internet Technologies and Applications >> University of Applied Sciences Rapperswil >> CH-8640 Rapperswil (Switzerland) >> ===========================================================[ITA-HSR]== > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
