hi guys I got my strongswan updated to 5.8 and I think I migrated my simple config correctly:
connections { camuni { remote_addrs="remote.fqdn" # The location of the host, FQDN or IP vips="0.0.0.0" send_cert="never" local { id="me@domain" auth="eap" } remote { certs="remote.fqdn.crt" id="DNS:remote.fqdn" auth="eap" } children { camuni { remote_ts="172.16.0.0/12" mode="pass" start_action="start" } } } } secrets { eap { secret="aSecret" id="me@fqdn } } Yet still auth fails. I have no control over "remote.fqdn" but at my end I see: ... IKE] initiating IKE_SA camuni[9] to xx.XX.zz.ZZ [ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] [NET] sending packet: from xx.XX.yy.YY[500] to xx.XX.zz.ZZ[500] (1400 bytes) [NET] received packet: from xx.XX.zz.ZZ[500] to xx.XX.yy.YY[500] (592 bytes) [ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ] [CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 [IKE] remote host is behind NAT [IKE] sending cert request for "O=CA, CN=mydom.local" [IKE] sending cert request for "O=CA, CN=mydom.local" [IKE] establishing CHILD_SA camuni{9} [ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ] [NET] sending packet: from xx.XX.yy.YY[4500] to xx.XX.zz.ZZ[4500] (432 bytes) [NET] received packet: from xx.XX.zz.ZZ[4500] to xx.XX.yy.YY[4500] (80 bytes) [ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] [IKE] received AUTHENTICATION_FAILED notify error initiate failed: establishing CHILD_SA 'camuni' failed Would you have any suggestions and advice I'll be grateful. many thanks, L.