Hello, everyone.

This is my iked.conf:

```
ikev2 "for-phone" passive esp \
        from any to 10.0.3.2/32 \
        local egress peer any \
        ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group ecp256 \
        childsa enc aes-256 auth hmac-sha2-256 prf hmac-sha2-256 group ecp256 \
        srcid server.mine \
        dstid phone.mine \
        eap "mschap-v2" \
        config address 10.0.3.2 \
        config name-server 10.0.0.1 \
        config netmask 255.255.255.255 \
        config protected-subnet 10.0.0.0/24 \
        config protected-subnet 10.0.1.0/24 \
        config protected-subnet 10.0.2.0/24 \
        tag "ROADW"

ikev2 "for-laptop" passive esp \
        from any to 10.0.3.3/32 \
        local egress peer any \
        ikesa   enc aes-256 auth hmac-sha2-512 prf hmac-sha2-512 group ecp521 \
        childsa enc aes-256 auth hmac-sha2-512 group ecp521 \
        srcid server.mine \
        dstid laptop.mine \
        rsa \
        config address 10.0.3.3 \
        config name-server 10.0.0.1 \
        config netmask 255.255.255.255 \
        config protected-subnet 10.0.0.0/24 \
        config protected-subnet 10.0.1.0/24 \
        config protected-subnet 10.0.2.0/24 \
        tag "ROADW"
```

I expected the peer presenting itself as "phone.mine" to get the first
policy (as long as it manages to authenticate by mschapv2), and the peer
presenting itself as "laptop.mine" to get the second policy.

However, what happens in reality is that both of them are being given the
second policy, and the phone fails to authenticate. If I comment out the
second policy, the phone successfully gets the first policy and
authenticates itself, but, obviously, the laptop does not work then.

How do I correct the setup?

-- 
Yours sincerely,
Vladimir Nikishkin (MiEr, lockywolf)
(Laptop)
