Hi Christian, > Below the result I got by activating the loglevel "cfg 2"
You set it via stroke, which is a bit late as some of the interesting bits would have been the messages after "received stroke: add connection 'BB10'", which list the settings of the loaded config. Either set the log level via `charondebug` or strongswan.conf (see [1]). But since you added `eap_identity` the immediate problem is now a different one anyway: > Jul 18 16:05:17 raspberrypi charon: 09[IKE] no private key found for > 'ckl.freeboxos.fr' > Jul 18 16:05:17 raspberrypi charon: 09[ENC] generating IKE_AUTH > response 1 [ N(AUTH_FAILED) ] Which makes sense as there is no certificate or private key loaded during startup: > Jul 18 16:04:49 raspberrypi charon: 00[CFG] loading secrets from > '/etc/ipsec.secrets' > Jul 18 16:04:49 raspberrypi charon: 00[CFG] expanding file expression > '/var/lib/strongswan/ipsec.secrets.inc' failed > Jul 18 16:04:49 raspberrypi charon: 00[CFG] loaded IKE secret for %any > Jul 18 16:04:49 raspberrypi charon: 00[CFG] loaded EAP secret for alice > ... > Jul 18 16:04:49 raspberrypi charon: 09[CFG] received stroke: add > connection 'BB10' > Jul 18 16:04:49 raspberrypi charon: 09[CFG] adding virtual IP address > pool 10.0.0.0/16 > Jul 18 16:04:49 raspberrypi charon: 09[CFG] added configuration 'BB10' Refer to [2] for an example using a similar setup (with configs and logs etc. to compare to, but please read [3]). The how-to at [4] describes a simple way to create keys and certificates, if you haven't done so yet. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration [2] https://www.strongswan.org/testing/testresults/ikev2/rw-eap-md5-rsa/ [3] https://wiki.strongswan.org/projects/strongswan/wiki/ConfigurationExamplesNotes [4] https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
