The logs you provided are not related to your problem. Please provide all information that is listed on the HelpRequests[1] page and elaborate on the network topology.
Kind regards Noel [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests On 29.01.2018 22:18, Marc Roos wrote: > Workstations on a smb domain 192.168.x.x network can dialin on the > remote strongswan server and are gettings ips. > There are also a few test vms on the libvirt 192.168.122 range. One can > dial in, but the other cannot dial in. This is the one that is not > member of the domain. > > Could it be that domain specific settings, like eg. lower security > protocols have been enabled allowing the ipsec connection to succeed on > domain members? > > On the good session after candidate "win7" and cert match(?) I get logs > like these: > Jan 29 20:40:14 test2 charon: 11[ENC] generating IKE_AUTH response 1 [ > IDr CERT AUTH EAP/REQ/ID ] > Jan 29 20:40:14 test2 charon: 13[ENC] parsed IKE_AUTH request 2 [ > EAP/RES/ID ] > Jan 29 20:40:14 test2 charon: 13[IKE] received EAP identity 'user1' > Jan 29 20:40:14 test2 charon: 13[IKE] initiating EAP_MSCHAPV2 method (id > 0x8C) > Jan 29 20:40:14 test2 charon: 13[ENC] generating IKE_AUTH response 2 [ > EAP/REQ/MSCHAPV2 ] > > While on the session that breaks down I get these, but never the > eap_mschapv2 > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > 6a:47:a2:67:c9:2e:2f:19:68:8b:9b:86:61:66:95:ed:c1:2c:13:00 > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > 8d:a7:1b:f9:3c:da:45:76:89:e9:fe:d0:ee:04:97:58:cb:1e:c3:5b > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > 88:a9:5a:ef:c0:84:fc:13:74:41:6b:b1:63:32:c2:cf:92:59:bb:3b > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > b4:64:ba:c4:50:86:1b:f8:2d:51:ac:24:2c:cd:d8:3b:24:6f:36:fa > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0 > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > da:ed:64:74:14:9c:14:3c:ab:dd:99:a9:bd:5b:28:4d:8b:3c:c9:d8 > Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown > ca with keyid > dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15 > > > > > >
signature.asc
Description: OpenPGP digital signature
