Greetings, I am working on installing StrongSwan 5.7.1 on Windows Server, based on the instructions at https://wiki.strongswan.org/projects/strongswan/wiki/Windows.
My swanctl.conf is as follows (identities anonymized): connections { rw-eap { local { auth = pubkey certs = server.crt id = MY.DNS.NAME } remote { auth = eap-mschapv2 eap_id = %any } children { net { esp_proposals = aes256-sha256,aes256-sha1,aes128-sha1 } } pools = rw_pool version = 2 send_certreq = no proposals = aes256-sha256-modp2048,aes256-sha256-modp1536,aes128-sha1-modp1024 } } secrets { eap-xxxx { id = xxxx secret = yyyyyyyy } } pools { rw_pool { addrs = 10.9.0.0/24 } } This produce an error INTERNAL_ADDRESS_FAILURE (identities anonymized): 09[IKE] authentication of 'xxxx' with EAP successful 09[IKE] authentication of 'MY.DNS.NAME' (myself) with EAP 09[IKE] IKE_SA rw-eap[4] established between 172.72.72.72[MY.DNS.NAME]...50.50.50.50[xxxx] 09[IKE] scheduling rekeying in 14359s 09[IKE] maximum IKE_SA lifetime 15799s 09[IKE] peer requested virtual IP %any 09[IKE] no virtual IP found for %any requested by 'xxxx' 09[IKE] peer requested virtual IP %any6 09[IKE] no virtual IP found for %any6 requested by 'xxxx' 09[IKE] no virtual IP found, sending INTERNAL_ADDRESS_FAILURE 09[IKE] configuration payload negotiation failed, no CHILD_SA built 09[IKE] failed to establish CHILD_SA, keeping IKE_SA 09[ENC] generating IKE_AUTH response 5 [ AUTH N(MOBIKE_SUP) N(ADD_6_ADDR) N(INT_ADDR_FAIL) ] 09[NET] sending packet: from 172.72.72.72[4500] to 50.50.50.50[44790] (160 bytes) 03[NET] received packet: from 50.50.50.50[44790] to 172.72.72.72[4500] (80 bytes) 03[ENC] parsed INFORMATIONAL request 6 [ D ] 03[IKE] received DELETE for IKE_SA rw-eap[4] 03[IKE] deleting IKE_SA rw-eap[4] between 172.72.72.72[MY.DNS.NAME]...50.50.50.50[xxxx] 03[IKE] IKE_SA deleted 03[ENC] generating INFORMATIONAL response 6 [ ] 03[NET] sending packet: from 172.72.72.72[4500] to 50.50.50.50[44790] (80 bytes) Do you know what I need to correct to prevent this error? Sent with ProtonMail Secure Email.
signature.asc
Description: OpenPGP digital signature