Hi Marcel,

> IDir '<redacted>.selfhost.eu' does not match to '<redacted>.selfhost.eu'
>
> Both strings that I've replaced by <redacted> are equal in the output.

In IKE, each identity has an associated type, which is not directly visible in the log. strongSwan automatically detects the type of configured identities; <redacted>.selfhost.eu uses the ID_FQDN type. Some IKE implementations do not use the type for the identity that would be the most obvious choice, so it is likely that your Fritzbox uses a different type.

If your Fritzbox has such an option, try to enforce the ID_FQDN type for its identity. Alternatively, you may try the attached debug patch to see what identity types are used.

With the upcoming 5.2.2 release, you can enforce identity types in strongSwan. As a work-around, you can also try to use rightid=%any to accept any identity the peer offers.

Regards
Martin

diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 5065e70..8b2ca9d 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -682,7 +682,9 @@ METHOD(task_t, process_i, status_t, cid = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE); if (cid && !id->matches(id, cid)) { - DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid); + DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y' (%N/%N)", + id, cid, id_type_names, id->get_type(id), + id_type_names, cid->get_type(cid)); id->destroy(id); return send_delete(this); }
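
Review bot: in the new DBG1 format string the two types are appended as a trailing "(%N/%N)" pair, so the reader has to infer that the first type belongs to id and the second to cid (the identity taken from peer_cfg). Consider putting each type directly after its identity, for example "IDir '%Y' (%N) does not match to '%Y' (%N)" with the arguments reordered to id, id_type_names, id->get_type(id), cid, id_type_names, cid->get_type(cid), so that the log line is unambiguous when the two strings are identical.
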
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
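
Added example, not part of the original message and not strongSwan code: a simplified model of typed identity matching that shows why two identities with the same printed string can fail to match, and why a configured %any accepts either. The struct, the function names, the sample hostname and the peer's ID_KEY_ID type are assumptions made for illustration; the type numbers are those of the IPsec DOI (RFC 2407).

```c
/* Simplified model of typed IKE identity matching (hypothetical names). */
#include <stdio.h>
#include <string.h>

/* Type numbers per RFC 2407; ID_ANY = 0 models a configured "%any". */
typedef enum { ID_ANY = 0, ID_FQDN = 2, ID_KEY_ID = 11 } id_type_t;
typedef struct { id_type_t type; const char *data; } ident_t;

static const char *type_name(id_type_t t)
{
    switch (t) {
    case ID_ANY:    return "ID_ANY";
    case ID_FQDN:   return "ID_FQDN";
    case ID_KEY_ID: return "ID_KEY_ID";
    }
    return "UNKNOWN";
}

/* Returns 1 if the received identity satisfies the configured one. */
int ident_matches(const ident_t *received, const ident_t *configured)
{
    if (configured->type == ID_ANY)
        return 1;                 /* %any accepts whatever the peer sends */
    if (received->type != configured->type)
        return 0;                 /* same text, different type: no match */
    return strcmp(received->data, configured->data) == 0;
}

/* Writes a mismatch line that shows both types; returns its length. */
int describe_mismatch(char *buf, size_t len,
                      const ident_t *received, const ident_t *configured)
{
    return snprintf(buf, len, "IDir '%s' (%s) does not match '%s' (%s)",
                    received->data, type_name(received->type),
                    configured->data, type_name(configured->type));
}

int main(void)
{
    /* Constructed sample values; the peer's real type is not known. */
    ident_t cfg  = { ID_FQDN,   "vpn.example.org" };
    ident_t peer = { ID_KEY_ID, "vpn.example.org" };
    char line[160];

    if (!ident_matches(&peer, &cfg)) {
        describe_mismatch(line, sizeof(line), &peer, &cfg);
        puts(line);
    }
    return 0;
}
```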