Hello Dusan,

On 29.04.2017 02:25, Dusan Ilic wrote:
> Hi Noel,
>
> Okay, if I don't set "left" and initiate the connection it takes the wrong
> route (multiple WAN-interfaces) and the remote peer doesn't expect that source
> IP. Probably works better if the remote peer is initiating connection instead.
>
> If I set "left=%local.example" and "right" / "rightid" as you suggest I get
> the following output in logfile:
>
> Apr 29 00:10:51 R6250 daemon.info charon: 10[IKE] tried 1 shared key for 'local.example' - '137.135.x.x', but MAC mismatched
> Apr 29 00:10:51 R6250 daemon.info charon: 10[ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
>
> If I fiddle in ipsec.secrets a bit, I get this instead:
>
> authentication of '137.135.x.x' with pre-shared key successful
> constraint check failed: identity 'remote.example' required
> selected peer config 'site2site' inacceptable: constraint checking failed
> no alternative config found
>

Alright. Try the following

left=%local.example
leftid=local.example
right=%remote.example
rightid=remote.example

remote.example : PSK "PSKGOESHERE"

Do it vice versa on the remote peer.

Kind regards,
Noel
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
