I've installed strongswan on a new CentOS 7 server following https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html
Connections from Windows 10 and Android are fine. My understanding of all things VPN is very basic. Getting the backup CentOS 6 libreswan connected has stumped me; I'm unable to get past "no IKE config found for 10.240.0.2 ...<client_public_ip>". I can see entries relating to the client and server certificates looking at "ipsec status", so I think certificates are ok. Experimenting with specific ike and phasealg entries on client hasn't got me anywhere. There are no ikev2 mentions in the logs which seems wrong, so many Google results.

Could someone please point me in the right direction?

Gordon.

------------- server messages

Nov 8 10:46:17 buddyi charon: 03[NET] received packet: from <client_public_ip>[500] to 10.240.0.2[500]
Nov 8 10:46:17 buddyi charon: 03[NET] waiting for data on sockets
Nov 8 10:46:17 buddyi charon: 05[MGR] checkout IKEv1 SA by message with SPIs a30b15eb151113bc_i 0000000000000000_r
Nov 8 10:46:17 buddyi strongswan: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
Nov 8 10:46:17 buddyi strongswan: 14[CFG] looking for an ike config for 10.240.0.2...<client_public_ip>
Nov 8 10:46:17 buddyi strongswan: 14[IKE] no IKE config found for 10.240.0.2...<client_public_ip>, sending NO_PROPOSAL_CHOSEN
Nov 8 10:46:17 buddyi strongswan: 14[ENC] generating INFORMATIONAL_V1 request 1476202834 [ N(NO_PROP) ]

------------ client:/etc/ipsec.conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # interfaces="ipsec0=eth1"
        virtual_private=%v4: 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.100.64/27
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        # klipsdebug=all
        # plutodebug="control parsing"
        # plutodebug=all
        # plutostderrlog=/var/log/pluto.log
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes
        virtual_private=
        oe=off

# trying to connect libreswan here to strongswan on buddy
conn buddy
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=rsasig
        leftcert="gj's VPN Certificate"
        leftsendcert=always
        leftid=%fromcert
        left=%defaultroute
        leftsubnet=10.0.100.0/24
        leftprotoport=17/1701
        # Replace IP address with your VPN server's IP
        right=<server_public_ip>
        rightprotoport=17/1701
        auto=add

#include /etc/ipsec.d/*.conf

---------- server ipsec.conf

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    #Server side
    left=%any
    # left=10.240.0.2
    leftsubnet=0.0.0.0/0
    leftcert=vpnHostCert.der
    # leftfirewall=yes
    #Client side
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.42.42.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    rightauthby2=pubkey
    rightsendcert=never
    eap_identity=%any

#conn CiscoIPSec
#    keyexchange=ikev1
#    forceencaps=yes
#    authby=xauthrsasig
#    xauth=server
#    auto=add
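
A server-side check for the log and config above, as an added example that is not part of the original post: it compares the IKE version charon logs for the incoming request with the keyexchange value each conn resolves to in ipsec.conf. The sample inputs are condensed from the post; the function names are hypothetical, and the fallback to keyexchange=ike when nothing is set assumes strongSwan 5.x.

```python
import re

# Sample input condensed from the log and server ipsec.conf quoted in the post.
SAMPLE_LOG = """\
charon: 05[MGR] checkout IKEv1 SA by message with SPIs a30b15eb151113bc_i 0000000000000000_r
strongswan: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V ]
strongswan: 14[IKE] no IKE config found for 10.240.0.2...<client_public_ip>, sending NO_PROPOSAL_CHOSEN
"""
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev2
conn IPSec-IKEv2
    auto=add
conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
#conn CiscoIPSec
#    keyexchange=ikev1
"""
# charon message fragments that identify the IKE version the peer spoke.
MARKERS = {"ikev1": r"checkout IKEv1 SA|parsed (ID_PROT|AGGRESSIVE) ",
           "ikev2": r"checkout IKEv2 SA|parsed IKE_SA_INIT "}

def parse_conns(text):
    """Return {conn name: {key: value}} for uncommented conn sections."""
    conns, cur = {}, None
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        head, _, rest = line.partition(" ")
        if head in ("conn", "config"):
            cur = conns.setdefault(rest.strip(), {}) if head == "conn" else None
        elif cur is not None and "=" in line:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip().strip('"')
    return conns

def keyexchange(conns, name):
    """Resolve keyexchange: the conn itself, then also=, then %default."""
    conn = conns.get(name, {})
    parent = conn.get("also", None if name == "%default" else "%default")
    if "keyexchange" in conn or parent is None:
        return conn.get("keyexchange", "ike")  # assumption: 5.x default "ike"
    return keyexchange(conns, parent)

def versions_seen(log):
    return {v for v, pat in MARKERS.items() if re.search(pat, log)}

def diagnose(log, conf):
    """Map each conn to the peer IKE versions it will not answer."""
    conns, seen, both = parse_conns(conf), versions_seen(log), {"ikev1", "ikev2"}
    kx = {n: keyexchange(conns, n) for n in conns if n != "%default"}
    return {n: sorted(seen - (both if k == "ike" else {k})) for n, k in kx.items()}
```

A non-empty list next to a conn means the peer's request used an IKE version that conn is not configured to answer; every conn showing one is consistent with charon replying "no IKE config found".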