Could anybody else please answer my questions regarding what value to use for leftid/rightid?
Lars

On Wed, 13 Mar 2013 16:47:00 +0100, Larsen <[email protected]> wrote:

> Hi Justin,
>
> for another problem, I have already set subjectAltName of the server cert to the external IP.
> Do I have to put this somewhere in my client config? It's not StrongSwan on the client side, so there is no ipsec.conf. What should I look for in my client software? You probably don't know the ShrewSoft client, but perhaps you can push me in the right direction.
>
> Second question: What value should I put into my client software as leftid/rightid?
>
> Please bear in mind that I'm a total newbie with IPsec =/
>
>
> Lars
>
>
> On Wed, 13 Mar 2013 16:36:33 +0100, Justin Grover <[email protected]> wrote:
>
>> Lars,
>>
>> When I got this error previously, it was because I didn't have a matching leftid / rightid in my ipsec.conf files. This should be the subject or altsubjectname from your cert.
>>
>> I'm not seeing the leftid or rightid in your configs. If you add them, that might fix it.
>>
>> Justin
>> On Mar 13, 2013 10:26 AM, "Larsen" <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I am still trying to establish a VPN connection between my Windows XP box using the ShrewSoft client and our IPFire server running Strongswan 5.0.2, but now I get the error "no peer config found" in the server log:
>>>
>>>
>>> charon: 16[NET] received packet: from 192.168.120.24[500] to #external IP#[500] (365 bytes)
>>> charon: 16[IKE] ignoring certificate request without data
>>> charon: 16[IKE] sending cert request for "C=DE, ST=city, L=city, O=mycompany, OU=IPFire, CN=mycompanyCA, [email protected]"
>>> charon: 16[NET] sending packet: from #external IP#[500] to 192.168.120.24[500] (549 bytes)
>>> charon: 12[NET] sending packet: from #external IP#[500] to 192.168.120.24[500]
>>> charon: 16[MGR] checkin IKE_SA (unnamed)[5]
>>> charon: 16[MGR] check-in of IKE_SA successful.
>>> charon: 06[NET] received packet: from 192.168.120.24[500] to #external IP#[500]
>>> charon: 06[NET] waiting for data on sockets
>>> charon: 08[MGR] checkout IKE_SA by message
>>> charon: 08[MGR] IKE_SA (unnamed)[5] successfully checked out
>>> charon: 08[NET] received packet: from 192.168.120.24[500] to #external IP#[500] (1292 bytes)
>>> charon: 08[IKE] received end entity cert "C=DE, ST=city, O=mycompany, OU=IPFire, CN=JonDoe"
>>> charon: 08[CFG] looking for RSA signature peer configs matching #external IP#...192.168.120.24
>>> charon: 08[IKE] no peer config found
>>> charon: 08[NET] sending packet: from #external IP#[500] to 192.168.120.24[500] (92 bytes)
>>> charon: 08[MGR] checkin and destroy IKE_SA (unnamed)[5]
>>> charon: 08[MGR] check-in and destroy of IKE_SA successful
>>>
>>>
>>> I already did a search, but couldn't find the right answers to my problem. As far as I understand this error, it seems to me that the certificate is missing on the server, but I have created it there via IPFire. That client cert was then imported into the local computer store according to http://wiki.strongswan.org/projects/strongswan/wiki/Win7Certs .
>>>
>>> I get the same error message trying this with TheGreenBow client or an iPhone. My computer is on the same subnet it shall connect to via VPN, but I guess that shouldn't be a problem for now. Also, the iPhone is not using the LAN, but still has the same problem.
>>>
>>>
>>> # cat /etc/ipsec.conf
>>> version 2
>>>
>>> config setup
>>>     charondebug="dmn 2, mgr 2, ike 1, chd 2, job 2, cfg 1, knl 2, net 2, asn 1, enc 0, lib 1, esp 2, tls 2, tnc 2, imc 2, imv 2, pts 2"
>>>
>>> conn %default
>>>     keyingtries=%forever
>>>
>>> include /etc/ipsec.user.conf
>>>
>>> conn JonDoe
>>>     left=#external IP#
>>>     leftsubnet=192.168.120.0/24
>>>     leftfirewall=yes
>>>     lefthostaccess=yes
>>>     right=%any
>>>     rightsubnet=vhost:%no,%priv
>>>     leftcert=/var/ipfire/certs/hostcert.pem
>>>     rightcert=/var/ipfire/certs/JonDoecert.pem
>>>
>>>     ike=aes256-sha2_256-modp8192,aes256-sha2_256-modp6144,aes256-sha2_256-modp4096,aes256-sha2_256-modp3072,aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha-modp8192,aes256-sha-modp6144,aes256-sha-modp4096,aes256-sha-modp3072,aes256-sha-modp2048,aes256-sha-modp1536,aes256-sha-modp1024,aes256-md5-modp8192,aes256-md5-modp6144,aes256-md5-modp4096,aes256-md5-modp3072,aes256-md5-modp2048,aes256-md5-modp1536,aes256-md5-modp1024,aes192-sha2_256-modp8192,aes192-sha2_256-modp6144,aes192-sha2_256-modp4096,aes192-sha2_256-modp3072,aes192-sha2_256-modp2048,aes192-sha2_256-modp1536,aes192-sha2_256-modp1024,aes192-sha-modp8192,aes192-sha-modp6144,aes192-sha-modp4096,aes192-sha-modp3072,aes192-sha-modp2048,aes192-sha-modp1536,aes192-sha-modp1024,aes192-md5-modp8192,aes192-md5-modp6144,aes192-md5-modp4096,aes192-md5-modp3072,aes192-md5-modp2048,aes192-md5-modp1536,aes192-md5-modp1024,aes128-sha2_256-modp8192,aes128-sha2_256-modp6144,aes128-sha2_256-modp4096,aes128-sha2_256-modp3072,aes128-sha2_256-modp2048,aes128-sha2_256-modp1536,aes128-sha2_256-modp1024,aes128-sha-modp8192,aes128-sha-modp6144,aes128-sha-modp4096,aes128-sha-modp3072,aes128-sha-modp2048,aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp8192,aes128-md5-modp6144,aes128-md5-modp4096,aes128-md5-modp3072,aes128-md5-modp2048,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha2_256-modp8192,3des-sha2_256-modp6144,3des-sha2_256-modp4096,3des-sha2_256-modp3072,3des-sha2_256-modp2048,3des-sha2_256-modp1536,3des-sha2_256-modp1024,3des-sha-modp8192,3des-sha-modp6144,3des-sha-modp4096,3des-sha-modp3072,3des-sha-modp2048,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp8192,3des-md5-modp6144,3des-md5-modp4096,3des-md5-modp3072,3des-md5-modp2048,3des-md5-modp1536,3des-md5-modp1024
>>>
>>>     esp=aes256-sha2_256-modp8192,aes256-sha2_256-modp6144,aes256-sha2_256-modp4096,aes256-sha2_256-modp3072,aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha1-modp8192,aes256-sha1-modp6144,aes256-sha1-modp4096,aes256-sha1-modp3072,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-md5-modp8192,aes256-md5-modp6144,aes256-md5-modp4096,aes256-md5-modp3072,aes256-md5-modp2048,aes256-md5-modp1536,aes256-md5-modp1024,aes192-sha2_256-modp8192,aes192-sha2_256-modp6144,aes192-sha2_256-modp4096,aes192-sha2_256-modp3072,aes192-sha2_256-modp2048,aes192-sha2_256-modp1536,aes192-sha2_256-modp1024,aes192-sha1-modp8192,aes192-sha1-modp6144,aes192-sha1-modp4096,aes192-sha1-modp3072,aes192-sha1-modp2048,aes192-sha1-modp1536,aes192-sha1-modp1024,aes192-md5-modp8192,aes192-md5-modp6144,aes192-md5-modp4096,aes192-md5-modp3072,aes192-md5-modp2048,aes192-md5-modp1536,aes192-md5-modp1024,aes128-sha2_256-modp8192,aes128-sha2_256-modp6144,aes128-sha2_256-modp4096,aes128-sha2_256-modp3072,aes128-sha2_256-modp2048,aes128-sha2_256-modp1536,aes128-sha2_256-modp1024,aes128-sha1-modp8192,aes128-sha1-modp6144,aes128-sha1-modp4096,aes128-sha1-modp3072,aes128-sha1-modp2048,aes128-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp8192,aes128-md5-modp6144,aes128-md5-modp4096,aes128-md5-modp3072,aes128-md5-modp2048,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha2_256-modp8192,3des-sha2_256-modp6144,3des-sha2_256-modp4096,3des-sha2_256-modp3072,3des-sha2_256-modp2048,3des-sha2_256-modp1536,3des-sha2_256-modp1024,3des-sha1-modp8192,3des-sha1-modp6144,3des-sha1-modp4096,3des-sha1-modp3072,3des-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024,3des-md5-modp8192,3des-md5-modp6144,3des-md5-modp4096,3des-md5-modp3072,3des-md5-modp2048,3des-md5-modp1536,3des-md5-modp1024
>>>     keyexchange=ikev1
>>>     ikelifetime=1h
>>>     keylife=8h
>>>     compress=yes
>>>     dpddelay=30
>>>     dpdtimeout=120
>>>     dpdaction=clear
>>>     authby=rsasig
>>>     leftrsasigkey=%cert
>>>     rightrsasigkey=%cert
>>>     auto=add
>>>     rightsourceip=
>>>
>>>
>>> # ll /var/ipfire/certs/hostcert.pem
>>> -rw-r--r-- 1 nobody nobody 1639 2013-02-25 16:19 /var/ipfire/certs/hostcert.pem
>>>
>>> ~# ll /var/ipfire/certs/JonDoecert.pem
>>> -rw-r--r-- 1 nobody nobody 1533 2013-02-25 16:20 /var/ipfire/certs/JonDoecert.pem
>>>
>>>
>>> What is the cause of this error message?
>>>
>>>
>>> Lars
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [email protected]
>>> https://lists.strongswan.org/mailman/listinfo/users
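
The check suggested in Justin's reply, as an added example that is not part of the original thread: it parses an ipsec.conf excerpt for conn sections that name a certificate but set no explicit leftid/rightid, and pulls from the charon log the peer certificate DN seen before each "no peer config found". The function names are hypothetical, and the sample config and log are constructed by trimming the ones quoted above; it reports what is configured and what was received, not what identity the client actually sent.

```python
import re
# Constructed sample: trimmed from the ipsec.conf and charon log quoted in the thread.
IPSEC_CONF = """\
conn JonDoe
    left=#external IP#
    leftcert=/var/ipfire/certs/hostcert.pem
    rightcert=/var/ipfire/certs/JonDoecert.pem
"""
CHARON_LOG = """\
charon: 08[IKE] received end entity cert "C=DE, ST=city, O=mycompany, OU=IPFire, CN=JonDoe"
charon: 08[CFG] looking for RSA signature peer configs matching #external IP#...192.168.120.24
charon: 08[IKE] no peer config found
"""

def parse_conns(text):
    """Return {conn name: {option: value}}; blank lines do not end a section here."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0].isspace() and current is not None and "=" in line:
            key, value = line.split("=", 1)      # indented option of the open conn
            current[key.strip()] = value.strip()
        else:                                    # conn header, config setup, include
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
    return conns

def conns_without_ids(conns):
    """Per conn: sides that name a certificate but set no explicit ID."""
    report = {}
    for name, opts in conns.items():
        for side in ("left", "right"):
            if side + "cert" in opts and side + "id" not in opts:
                report.setdefault(name, []).append(side + "id")
    return report

def failed_lookups(log):
    """Return (peer cert DN, 'local...remote' lookup) per 'no peer config found'."""
    dn, lookup, failures = None, None, []
    for line in log.splitlines():
        if m := re.search(r'received end entity cert "([^"]+)"', line):
            dn = m.group(1)
        elif m := re.search(r"peer configs matching (.+)$", line):
            lookup = m.group(1).strip()
        elif "no peer config found" in line:
            failures.append((dn, lookup))
            dn = lookup = None                   # do not carry state into the next attempt
    return failures
```

Comparing the DN returned by failed_lookups() with the subject of the certificate named in rightcert shows which value a rightid would have to match.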
