Hi Jakob, In IKEv1 terminology the client IDs are traffic selectors (a single host or an IPv4 or IPv6 subnet) which define which local and remote subnets behind the gateways are to be connected with each other over the tunnel. With IKEv2 these proposals must match exactly. In your case it seems that the two IPsec endpoints propose differing subnet defininitions.
Regards Andreas On 08.10.2014 12:33, Jakob Curdes wrote:
.. we have one strongSwan U4.3.5 and on the second box a U5.1.2; when initiating a connection using IP addresses as IDs I get "our client ID returned doesn't match my proposal" in Phase 2 although the IPs are the correct ones (or Phase 1 would probably fail...) If I switch to hostnames as ID's, I get the same result. The connection is initiated from the U4.3.5 box. Any ideas? Regards, Jakob Curdes
====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
