Hello René, On 25.04.2017 12:42, Rene Maurer wrote: > conn home > keyexchange=ikev2 > ike=aes128-sha256-modp1024! > esp=aes128-sha256! > left=%config "left=%config" doesn't make sense. %config is neither a known keyword nor a valid resolvable hostname. If your routing table is sane and specifies the source IPs for the routes, you don't need to set this at all.
> ---------------------------------------------------------------------- > Apr 25 10:04:25 Metering daemon.info syslog: 10[CFG] added configuration > 'home' > Apr 25 10:04:25 Metering daemon.info syslog: 13[CFG] received stroke: route > 'home' > Apr 25 10:04:25 Metering daemon.info syslog: 17[LIB] resolving 'config' > failed: Name or service not known > Apr 25 10:04:25 Metering authpriv.info ipsec_starter[818]: 'home' routed > ---------------------------------------------------------------------- > > My first question: What does the following line mean? > 17[LIB] resolving 'config' failed: Name or service not known > Can it be ignored? Explained above. > Can anybody help me. I don't where to start to find the failure. > I assume that IKE does not work? Check if the packets arrive at the switch. Check the switch's log. Make sure you use the right IKE version. > Or is it the cert requests for an *unknown* ca? No. Kind regards, Noel -- Noel Kuntze IT security consultant GPG Key ID: 0x0739AD6C Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
0x0739AD6C.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users