Workstations on a smb domain 192.168.x.x network can dialin on the remote strongswan server and are gettings ips. There are also a few test vms on the libvirt 192.168.122 range. One can dial in, but the other cannot dial in. This is the one that is not member of the domain.
Could it be that domain specific settings, like eg. lower security protocols have been enabled allowing the ipsec connection to succeed on domain members? On the good session after candidate "win7" and cert match(?) I get logs like these: Jan 29 20:40:14 test2 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] Jan 29 20:40:14 test2 charon: 13[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ] Jan 29 20:40:14 test2 charon: 13[IKE] received EAP identity 'user1' Jan 29 20:40:14 test2 charon: 13[IKE] initiating EAP_MSCHAPV2 method (id 0x8C) Jan 29 20:40:14 test2 charon: 13[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ] While on the session that breaks down I get these, but never the eap_mschapv2 Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 6a:47:a2:67:c9:2e:2f:19:68:8b:9b:86:61:66:95:ed:c1:2c:13:00 Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 8d:a7:1b:f9:3c:da:45:76:89:e9:fe:d0:ee:04:97:58:cb:1e:c3:5b Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 88:a9:5a:ef:c0:84:fc:13:74:41:6b:b1:63:32:c2:cf:92:59:bb:3b Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid b4:64:ba:c4:50:86:1b:f8:2d:51:ac:24:2c:cd:d8:3b:24:6f:36:fa Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0 Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid da:ed:64:74:14:9c:14:3c:ab:dd:99:a9:bd:5b:28:4d:8b:3c:c9:d8 Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
