> >> what is wrong? client side iked.conf:
> >>
> >> ikev2 'roadwarrior' active esp \
> >> from dynamic to any \
> >> peer 45.77.223.7 \
> >> srcid roadwarrior \
> >> dstid server1.domain \
> >> request address any \
> >> iface lo1
> >>
> >> # iked -dv
> >> /etc/iked.conf: 43: invalid iface
> >
> > lo1 must exist:
> > # ifconfig lo1 create
> >
> >
> > To create it at a reboot:
> > # touch /etc/hostname.lo1
>
OK Thomas thank you.

Questions about cert for roadwarrior and more?
Why 192.168.1.79? I was expecting 10.0.5.x please.

From Road Warrior after deletion of certs, except local.pub and local.key:

# iked -dv
ikev2 "roadwarrior" active tunnel esp inet from 0.0.0.0 to 0.0.0.0/0 from :: to ::/0 local any peer 45.77.223.7 ikesa enc aes-128-gcm enc aes-256-gcm prf hmac-sha2-256 prf hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 group curve25519 group ecp521 group ecp384 group ecp256 group modp4096 group modp3072 group modp2048 group modp1536 group modp1024 ikesa enc aes-256 enc aes-192 enc aes-128 enc 3des prf hmac-sha2-256 prf hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 auth hmac-sha2-256 auth hmac-sha2-384 auth hmac-sha2-512 auth hmac-sha1 group curve25519 group ecp521 group ecp384 group ecp256 group modp4096 group modp3072 group modp2048 group modp1536 group modp1024 childsa enc aes-128-gcm enc aes-256-gcm group none esn noesn childsa enc aes-256 enc aes-192 enc aes-128 auth hmac-sha2-256 auth hmac-sha2-384 auth hmac-sha2-512 auth hmac-sha1 group none esn noesn srcid roadwarrior dstid agroena.org lifetime 10800 bytes 4294967296 signature config address any iface lo0
ikev2_init_ike_sa: initiating "roadwarrior"
spi=0xc166e8f236679cc9: send IKE_SA_INIT req 0 peer 45.77.223.7:500 local 0.0.0.0:500, 518 bytes
spi=0xc166e8f236679cc9: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0xc166e8f236679cc9: ca_getreq: no valid local certificate found for FQDN/roadwarrior
spi=0xc166e8f236679cc9: ca_getreq: using local public key of type RSA_KEY
spi=0xc166e8f236679cc9: send IKE_AUTH req 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 947 bytes, NAT-T
spi=0xc166e8f236679cc9: recv IKE_AUTH res 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 65 bytes, policy 'roadwarrior'
spi=0xc166e8f236679cc9: sa_free: authentication failed notification from peer
spi=0x128062d2440a20ca: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0x128062d2440a20ca: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0x128062d2440a20ca: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0x128062d2440a20ca: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0x128062d2440a20ca: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
ikev2_init_ike_sa: initiating "roadwarrior"
spi=0xaf891eb37dd8f4cc: send IKE_SA_INIT req 0 peer 45.77.223.7:500 local 0.0.0.0:500, 518 bytes
spi=0xaf891eb37dd8f4cc: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0xaf891eb37dd8f4cc: ca_getreq: no valid local certificate found for FQDN/roadwarrior
spi=0xaf891eb37dd8f4cc: ca_getreq: using local public key of type RSA_KEY
spi=0xaf891eb37dd8f4cc: send IKE_AUTH req 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 947 bytes, NAT-T
spi=0xaf891eb37dd8f4cc: recv IKE_AUTH res 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 65 bytes, policy 'roadwarrior'
spi=0xaf891eb37dd8f4cc: sa_free: authentication failed notification from peer
spi=0x128062d2440a20ca: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
ikev2_init_ike_sa: initiating "roadwarrior"
spi=0x72a1368e235340b8: send IKE_SA_INIT req 0 peer 45.77.223.7:500 local 0.0.0.0:500, 518 bytes
spi=0x72a1368e235340b8: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0x72a1368e235340b8: ca_getreq: no valid local certificate found for FQDN/roadwarrior
spi=0x72a1368e235340b8: ca_getreq: using local public key of type RSA_KEY
spi=0x72a1368e235340b8: send IKE_AUTH req 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 947 bytes, NAT-T
spi=0x72a1368e235340b8: recv IKE_AUTH res 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 65 bytes, policy 'roadwarrior'
spi=0x72a1368e235340b8: sa_free: authentication failed notification from peer
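
Added example, not part of the original message and not a tool shipped with iked: Python code that groups `iked -dv` lines by SPI and reports, for each IKE SA, the exchanges seen, the local addresses logged, whether the local public key was sent in place of a certificate, and the outcome. The function names `summarize` and `findings` are assumptions made for this example; the sample lines are taken from the output above.

```python
import re
# Lines taken from the iked -dv output quoted in the message above.
SAMPLE = """\
spi=0xc166e8f236679cc9: send IKE_SA_INIT req 0 peer 45.77.223.7:500 local 0.0.0.0:500, 518 bytes
spi=0xc166e8f236679cc9: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
spi=0xc166e8f236679cc9: ca_getreq: no valid local certificate found for FQDN/roadwarrior
spi=0xc166e8f236679cc9: ca_getreq: using local public key of type RSA_KEY
spi=0xc166e8f236679cc9: send IKE_AUTH req 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 947 bytes, NAT-T
spi=0xc166e8f236679cc9: recv IKE_AUTH res 1 peer 45.77.223.7:4500 local 192.168.1.79:4500, 65 bytes, policy 'roadwarrior'
spi=0xc166e8f236679cc9: sa_free: authentication failed notification from peer
spi=0x128062d2440a20ca: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local 192.168.1.79:500, 255 bytes, policy 'roadwarrior'
"""

SPI_LINE = re.compile(r"^spi=(0x[0-9a-f]+): (.*)$")
IKE_MSG = re.compile(r"^(send|recv) (IKE_\w+) (req|res) \d+ peer \S+ local (\S+):\d+, \d+ bytes(.*)$")

def summarize(log):
    """Group iked -dv lines by SPI; return {spi: summary dict} in first-seen order."""
    sas = {}
    for line in log.splitlines():
        m = SPI_LINE.match(line.strip())
        if not m:
            continue  # policy dump, "initiating" lines, blank lines
        spi, rest = m.groups()
        sa = sas.setdefault(spi, {"msgs": [], "local": [], "nat_t": False,
                                  "raw_key": None, "no_cert_for": None, "result": "incomplete"})
        msg = IKE_MSG.match(rest)
        if msg:
            direction, exchange, kind, local, tail = msg.groups()
            sa["msgs"].append(f"{direction} {exchange} {kind}")
            if local not in sa["local"]:
                sa["local"].append(local)  # local address logged for this message
            sa["nat_t"] = sa["nat_t"] or "NAT-T" in tail
        elif rest.startswith("ca_getreq: no valid local certificate found for "):
            sa["no_cert_for"] = rest.rsplit(" ", 1)[1]
        elif rest.startswith("ca_getreq: using local public key of type "):
            sa["raw_key"] = rest.rsplit(" ", 1)[1]
        elif rest == "sa_free: authentication failed notification from peer":
            sa["result"] = "auth rejected by peer"
    return sas

def findings(sas):  # one line per SA that needs attention
    out = []
    for spi, sa in sas.items():
        if sa["result"] == "auth rejected by peer" and sa["raw_key"]:
            out.append(f"{spi}: no certificate for {sa['no_cert_for']}, sent {sa['raw_key']} instead, peer rejected IKE_AUTH")
        elif not any(m.startswith("send") for m in sa["msgs"]):
            out.append(f"{spi}: responses received but no request sent in this capture")
    return out
```

Run over the full output above, `findings(summarize(text))` gives one line per SPI, which makes it easy to see whether every attempt ends at the same step.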