AARGH -I knew it was somethin simple... sometimes you don't see the obvious... thank you for your hint! Jc
Martin Willi <[email protected]> hat geschrieben: Hi Jakob, > 08[CFG] looking for pre-shared key peer configs matching > 172.17.123.1...a.b.c.d[remote-id] > 08[CFG] candidate "client-test", match: 1/20/3100 (me/other/ike) > 08[IKE] no peer config found > So it is looking for a PSK using the internal address although I > configured a local ID !? The daemon is not looking for a PSK, but a configuration using PSK authentication it can use for that client. The lookup is for the local IP address, the remote IP address and the remote Identity received over IKE. A match for that selector is found, but the configuration is not usable, because it does not allow PSK authentication. The default is public key authentication. Use authby=psk (or the never leftauth/rightauth options) to allow PSK authentication on that configuration. man ipsec.conf for details. I agree that the log is not very clear in what is wrong here, I'll see if we can improve that. Regards Martin
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
