Hello All Again, I'm a little further along than I was when I last reached out for help. I would like to establish a connection between two Ubuntu machines (client and server) on the same subnet. When I perform *sudo ipsec up myconn* from my strongSwan client, here's the current output:

    initiating IKE_SA mytest[2] to 192.168.0.50
    generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
    sending packet: from 192.168.0.75[500] to 192.168.0.50[500]
    received packet: from 192.168.0.50[500] to 192.168.0.75[500]
    parsed ID_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
    received cert request for "C=US, O=MSI, CN=MSI-ROOT-CA"
    sending cert request for "C=US, O=MSI, CN=MSI-ROOT-CA"
    authentication of 'C=US, O=MSI, CN=MSI-ROOT-CA' (myself) with RSA signature successful
    sending end entity cert "C=US, O=MSI, CN=MSI-ROOT-CA"
    establishing CHILD_SA mytest
    generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
    sending packet: from 192.168.0.75[4500] to 192.168.0.50[4500]
    received packet: from 192.168.0.50[4500] to 192.168.0.75[4500]
    parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
    received AUTHENTICATION_FAILED notify error

When I check the logs on the server, they say:

    [IKE] received cert request for "C=US, O=MSI, CN=MSI-ROOT-CA"
    [IKE] received end entity cert "C=US, O=MSI, CN=MSI-ROOT-CA"
    [CFG] looking for peer configs matching 192.168.0.50[192.168.0.50]...192.168.0.75[C=US, O=MSI, CN=MSI-ROOT-CA]
    [CFG] no matching peer config found
    [IKE] peer supports MOBIKE
    [ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
    [NET] sending packet: from 192.168.0.50[4500] to 192.168.0.75[4500]

Does anyone know what this problem is?

Here are my client and server ipsec.conf files:

==== CLIENT ipsec.conf ====

config setup
    strictcrlpolicy=no
    plutostart=no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2

conn mytest
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=/etc/ipsec.d/certs/cert.pem
    mobike=yes
    right=msi-strongswan.simorg.msi
    auto=start
    leftauth=pubkey

==== SERVER ipsec.conf ====

config setup
    strictcrlpolicy=no
    plutostart=no
    charondebug=all

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=pubkey
    keyexchange=ikev2

conn mytest
    left=msi-strongswan.simorg.msi
    mobike=yes
    right=%any
    auto=add
    leftcert=cert.pem
    rightid=%any
    leftid=%any
    rightsourceip=192.168.0.1/24
    esp=aes-sha384-modp2048 !
    ike=aes-sha384-modp2048 !
