On 17.10.19 19:01, Michael Schwartzkopff wrote:
> Hi,
>
> I have a problem with one specific ipsec client. It cannot connect. The
> logs on the server side say:
>
> Oct 17 18:50:15 muc charon: 11[CFG] <111> looking for peer configs
> matching 192.168.178.8[muc.XXX.de]...46.81.179.210[m...@xxx.de]
> Oct 17 18:50:15 muc charon: 11[CFG] <111> no matching peer config found
>
>
> The status command on the server side says:
>
> Connections:
> con-mobile: 192.168.178.8...%any IKEv2, dpddelay=10s
> con-mobile: local: [muc.XXX.de] uses public key authentication
> con-mobile: cert: "CN=muc.XXX.de"
> con-mobile: remote: [*@XXX.de] uses EAP_RADIUS authentication with
> EAP identity '%any'
>
>
> So why does the server have a problem identifying the new incoming
> connection?
>
>
> The server side logs for another (working) client look like:
>
> Oct 17 18:57:17 muc charon: 12[CFG] <115> looking for peer configs
> matching 192.168.178.8[%any]...109.41.194.144[m...@xxx.de]
> Oct 17 18:57:17 muc charon: 12[CFG] <con-mobile|115> selected peer
> config 'con-mobile'
>
>
> Server: strongswan on pfsense (FreeBSD strongSwan U5.7.1/K11.2-RELEASE-p10)
>
> non-working client: strongswan on linux (Linux strongSwan
> U5.8.1/K5.3.6-arch1-1-ARCH)
>
> working client: strongswan on android. (2.2.0)
>
>
> Kind regards,
>

Hi,

found the reason. I had rightid="muc.XXX.de" in my client config. The logs do not show that the gateway ID is quoted. After removing the quotes the connection came up.

Kind regards,

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
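
For triaging this kind of failure from the gateway side, the following added example (not part of the original thread, and not strongSwan code) pairs each "looking for peer configs" line with its outcome by IKE_SA number and reports which responder identity the client asked for. The sample log is constructed in the format quoted above, with wrapped lines re-joined; host names and addresses are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the charon log format quoted in the thread.
SAMPLE_LOG = """\
Oct 17 18:50:15 gw charon: 11[CFG] <111> looking for peer configs matching 192.0.2.8[gw.example.org]...198.51.100.10[alice@example.org]
Oct 17 18:50:15 gw charon: 11[CFG] <111> no matching peer config found
Oct 17 18:57:17 gw charon: 12[CFG] <115> looking for peer configs matching 192.0.2.8[%any]...198.51.100.20[bob@example.org]
Oct 17 18:57:17 gw charon: 12[CFG] <con-mobile|115> selected peer config 'con-mobile'
"""

# The tag is <111> before a config is chosen and <con-mobile|115> afterwards;
# the number is the IKE_SA id used to correlate lines.
SA = r"<(?:[^|>]*\|)?(\d+)>"
LOOKUP = re.compile(SA + r" looking for peer configs matching "
                    r"(\S+?)\[(.*?)\]\.\.\.(\S+?)\[(.*?)\]")
NO_MATCH = re.compile(SA + r" no matching peer config found")
SELECTED = re.compile(SA + r" selected peer config '([^']+)'")

def triage(log_text):
    """Return {ike_sa_id: record} for every peer-config lookup and its outcome."""
    sessions = {}
    for line in log_text.splitlines():
        if m := LOOKUP.search(line):
            sa, local, idr, remote, idi = m.groups()
            sessions[sa] = {"local": local, "requested_idr": idr,
                            "remote": remote, "idi": idi, "result": "pending"}
        elif m := NO_MATCH.search(line):
            sessions.setdefault(m.group(1), {})["result"] = "no-match"
        elif m := SELECTED.search(line):
            sessions.setdefault(m.group(1), {})["result"] = "selected:" + m.group(2)
    return sessions

def rejected(log_text):
    """Failed lookups as (ike_sa_id, requested gateway identity, client identity)."""
    return [(sa, s.get("requested_idr"), s.get("idi"))
            for sa, s in triage(log_text).items() if s["result"] == "no-match"]

if __name__ == "__main__":
    for sa, idr, idi in rejected(SAMPLE_LOG):
        # %any in the first bracket: the client did not ask for a specific gateway ID.
        hint = "no gateway ID requested" if idr == "%any" else "requested gateway ID " + idr
        print(f"IKE_SA {sa}: no peer config for {idi} ({hint})")
```

A rejected lookup that names a specific gateway identity while accepted ones show %any points at the client's configured remote ID (here rightid) as the setting to inspect.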