Hi, I am still trying to establish a VPN connection between my Windows XP box using the ShrewSoft client and our IPFire server running Strongswan 5.0.2, but now I get the error "no peer config found" in the server log:

charon: 16[NET] received packet: from 192.168.120.24[500] to #external IP#[500] (365 bytes)
charon: 16[IKE] ignoring certificate request without data
charon: 16[IKE] sending cert request for "C=DE, ST=city, L=city, O=mycompany, OU=IPFire, CN=mycompanyCA, [email protected]"
charon: 16[NET] sending packet: from #external IP#[500] to 192.168.120.24[500] (549 bytes)
charon: 12[NET] sending packet: from #external IP#[500] to 192.168.120.24[500]
charon: 16[MGR] checkin IKE_SA (unnamed)[5]
charon: 16[MGR] check-in of IKE_SA successful.
charon: 06[NET] received packet: from 192.168.120.24[500] to #external IP#[500]
charon: 06[NET] waiting for data on sockets
charon: 08[MGR] checkout IKE_SA by message
charon: 08[MGR] IKE_SA (unnamed)[5] successfully checked out
charon: 08[NET] received packet: from 192.168.120.24[500] to #external IP#[500] (1292 bytes)
charon: 08[IKE] received end entity cert "C=DE, ST=city, O=mycompany, OU=IPFire, CN=JonDoe"
charon: 08[CFG] looking for RSA signature peer configs matching #external IP#...192.168.120.24
charon: 08[IKE] no peer config found
charon: 08[NET] sending packet: from #external IP#[500] to 192.168.120.24[500] (92 bytes)
charon: 08[MGR] checkin and destroy IKE_SA (unnamed)[5]
charon: 08[MGR] check-in and destroy of IKE_SA successful

I already did a search, but couldn't find the right answers to my problem. As far as I understand this error, it seems to me that the certificate is missing on the server, but I have created it there via IPFire. That client cert was then imported into the local computer store according to http://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs . I get the same error message trying this with TheGreenBow client or an iPhone.

My computer is on the same subnet it shall connect to via VPN, but I guess that shouldn't be a problem for now. Also, the iPhone is not using the LAN, but still has the same problem.

# cat /etc/ipsec.conf
version 2

config setup
        charondebug="dmn 2, mgr 2, ike 1, chd 2, job 2, cfg 1, knl 2, net 2, asn 1, enc 0, lib 1, esp 2, tls 2, tnc 2, imc 2, imv 2, pts 2"

conn %default
        keyingtries=%forever

include /etc/ipsec.user.conf

conn JonDoe
        left=#external IP#
        leftsubnet=192.168.120.0/24
        leftfirewall=yes
        lefthostaccess=yes
        right=%any
        rightsubnet=vhost:%no,%priv
        leftcert=/var/ipfire/certs/hostcert.pem
        rightcert=/var/ipfire/certs/JonDoecert.pem
        ike=aes256-sha2_256-modp8192,aes256-sha2_256-modp6144,aes256-sha2_256-modp4096,aes256-sha2_256-modp3072,aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha-modp8192,aes256-sha-modp6144,aes256-sha-modp4096,aes256-sha-modp3072,aes256-sha-modp2048,aes256-sha-modp1536,aes256-sha-modp1024,aes256-md5-modp8192,aes256-md5-modp6144,aes256-md5-modp4096,aes256-md5-modp3072,aes256-md5-modp2048,aes256-md5-modp1536,aes256-md5-modp1024,aes192-sha2_256-modp8192,aes192-sha2_256-modp6144,aes192-sha2_256-modp4096,aes192-sha2_256-modp3072,aes192-sha2_256-modp2048,aes192-sha2_256-modp1536,aes192-sha2_256-modp1024,aes192-sha-modp8192,aes192-sha-modp6144,aes192-sha-modp4096,aes192-sha-modp3072,aes192-sha-modp2048,aes192-sha-modp1536,aes192-sha-modp1024,aes192-md5-modp8192,aes192-md5-modp6144,aes192-md5-modp4096,aes192-md5-modp3072,aes192-md5-modp2048,aes192-md5-modp1536,aes192-md5-modp1024,aes128-sha2_256-modp8192,aes128-sha2_256-modp6144,aes128-sha2_256-modp4096,aes128-sha2_256-modp3072,aes128-sha2_256-modp2048,aes128-sha2_256-modp1536,aes128-sha2_256-modp1024,aes128-sha-modp8192,aes128-sha-modp6144,aes128-sha-modp4096,aes128-sha-modp3072,aes128-sha-modp2048,aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp8192,aes128-md5-modp6144,aes128-md5-modp4096,aes128-md5-modp3072,aes128-md5-modp2048,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha2_256-modp8192,3des-sha2_256-modp6144,3des-sha2_256-modp4096,3des-sha2_256-modp3072,3des-sha2_256-modp2048,3des-sha2_256-modp1536,3des-sha2_256-modp1024,3des-sha-modp8192,3des-sha-modp6144,3des-sha-modp4096,3des-sha-modp3072,3des-sha-modp2048,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp8192,3des-md5-modp6144,3des-md5-modp4096,3des-md5-modp3072,3des-md5-modp2048,3des-md5-modp1536,3des-md5-modp1024
        esp=aes256-sha2_256-modp8192,aes256-sha2_256-modp6144,aes256-sha2_256-modp4096,aes256-sha2_256-modp3072,aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha1-modp8192,aes256-sha1-modp6144,aes256-sha1-modp4096,aes256-sha1-modp3072,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-md5-modp8192,aes256-md5-modp6144,aes256-md5-modp4096,aes256-md5-modp3072,aes256-md5-modp2048,aes256-md5-modp1536,aes256-md5-modp1024,aes192-sha2_256-modp8192,aes192-sha2_256-modp6144,aes192-sha2_256-modp4096,aes192-sha2_256-modp3072,aes192-sha2_256-modp2048,aes192-sha2_256-modp1536,aes192-sha2_256-modp1024,aes192-sha1-modp8192,aes192-sha1-modp6144,aes192-sha1-modp4096,aes192-sha1-modp3072,aes192-sha1-modp2048,aes192-sha1-modp1536,aes192-sha1-modp1024,aes192-md5-modp8192,aes192-md5-modp6144,aes192-md5-modp4096,aes192-md5-modp3072,aes192-md5-modp2048,aes192-md5-modp1536,aes192-md5-modp1024,aes128-sha2_256-modp8192,aes128-sha2_256-modp6144,aes128-sha2_256-modp4096,aes128-sha2_256-modp3072,aes128-sha2_256-modp2048,aes128-sha2_256-modp1536,aes128-sha2_256-modp1024,aes128-sha1-modp8192,aes128-sha1-modp6144,aes128-sha1-modp4096,aes128-sha1-modp3072,aes128-sha1-modp2048,aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp8192,aes128-md5-modp6144,aes128-md5-modp4096,aes128-md5-modp3072,aes128-md5-modp2048,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha2_256-modp8192,3des-sha2_256-modp6144,3des-sha2_256-modp4096,3des-sha2_256-modp3072,3des-sha2_256-modp2048,3des-sha2_256-modp1536,3des-sha2_256-modp1024,3des-sha1-modp8192,3des-sha1-modp6144,3des-sha1-modp4096,3des-sha1-modp3072,3des-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp8192,3des-md5-modp6144,3des-md5-modp4096,3des-md5-modp3072,3des-md5-modp2048,3des-md5-modp1536,3des-md5-modp1024
        keyexchange=ikev1
        ikelifetime=1h
        keylife=8h
        compress=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        auto=add
        rightsourceip=

# ll /var/ipfire/certs/hostcert.pem
-rw-r--r-- 1 nobody nobody 1639 2013-02-25 16:19 /var/ipfire/certs/hostcert.pem
~# ll /var/ipfire/certs/JonDoecert.pem
-rw-r--r-- 1 nobody nobody 1533 2013-02-25 16:20 /var/ipfire/certs/JonDoecert.pem

What is the cause of this error message?

Lars
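
A triage helper for a log and configuration like the ones posted above, added here as an example; it is not part of the original message and not strongSwan code. It pairs each "no peer config found" with the lookup and certificate lines before it, then lists the conns whose left/right accept the logged endpoints, so their authentication and identity settings can be compared by hand. The sample inputs are constructed, and only literal addresses and %any are compared, which is a simplification and not charon's full selection logic.

```python
import re

# Constructed samples shaped like the post's log and ipsec.conf; 203.0.113.10
# is a documentation address standing in for the redacted "#external IP#".
SAMPLE_LOG = '''\
charon: 08[IKE] received end entity cert "C=DE, ST=city, O=mycompany, OU=IPFire, CN=JonDoe"
charon: 08[CFG] looking for RSA signature peer configs matching 203.0.113.10...192.168.120.24
charon: 08[IKE] no peer config found
'''
SAMPLE_CONF = '''\
conn %default
    keyingtries=%forever
conn JonDoe
    left=203.0.113.10
    right=%any
    keyexchange=ikev1
    authby=rsasig
    rightcert=/var/ipfire/certs/JonDoecert.pem
conn office  # hypothetical second conn with a fixed peer address
    right=198.51.100.7
'''
CERT = re.compile(r'received end entity cert "(.+)"')
LOOKUP = re.compile(r"looking for (.+?) peer configs matching (\S+?)\.\.\.([^\s\[]+)(?:\[(.*)\])?")

def parse_conns(text):
    """Return {conn name: {key: value}}, with %default merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        elif "=" not in line and line:        # section header or other directive
            words = line.split()
            current = conns.setdefault(words[1], {}) if words[0] == "conn" and len(words) > 1 else None
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **c} for name, c in conns.items()}

def failed_lookups(log):
    """Return one record per 'no peer config found' with the lines leading to it."""
    out, cert, lookup = [], None, None
    for line in log.splitlines():
        if m := CERT.search(line):
            cert = m.group(1)
        elif m := LOOKUP.search(line):
            lookup = m.groups()
        elif "no peer config found" in line and lookup:
            out.append(dict(zip(("auth", "local", "remote", "peer_id"), lookup), cert_subject=cert))
            cert = lookup = None
    return out

def address_candidates(lookup, conns):
    """Conns whose left/right accept the logged endpoints (literal IP or %any only)."""
    ok = lambda setting, addr: setting in (None, "%any", addr)
    keys = ("keyexchange", "authby", "leftid", "rightid", "rightcert")
    return {name: {k: c.get(k) for k in keys} for name, c in conns.items()
            if ok(c.get("left"), lookup["local"]) and ok(c.get("right"), lookup["remote"])}
```
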
