Questions about cert for roadwarrior and more?
Why 192.168.1.79? I was expecting 10.0.5.x please.
Why did you expect that?
spi=0xc166e8f236679cc9: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local
192.168.1.79:500, 255 bytes, policy 'roadwarrior'
192.168.1.79 is your local IP, which is on the interface with a link to
the default gateway.
$ route -n show -inet
If you have multiple IPs and you want to force iked to use a specific
one, you have to use "local":
local 10.0.5.x peer 45.77.223.7 \
spi=0xaf891eb37dd8f4cc: ca_getreq: no valid local certificate found for
FQDN/roadwarrior
spi=0xaf891eb37dd8f4cc: ca_getreq: using local public key of type RSA_KEY
spi=0xaf891eb37dd8f4cc: send IKE_AUTH req 1 peer 45.77.223.7:4500 local
192.168.1.79:4500, 947 bytes, NAT-T
spi=0xaf891eb37dd8f4cc: recv IKE_AUTH res 1 peer 45.77.223.7:4500 local
192.168.1.79:4500, 65 bytes, policy 'roadwarrior'
spi=0xaf891eb37dd8f4cc: sa_free: authentication failed notification from peer
Just a guess, since I have never worked with trusted public keys, but
maybe you have to copy the client's local.pub into
/etc/iked/pubkeys/fqdn/roadwarrior
(not /etc/iked/pubkeys/fqdn/roadwarrior/local.pub)
or
/etc/iked/pubkeys/ipv4/A.B.C.D
on the server.
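The pubkeys layout the reply guesses at is the one iked(8) documents: the peer's public key is stored as a plain file whose name is the identifier itself, under a per-identifier-type directory (fqdn/, ufqdn/, ipv4/, ipv6/). The script below is an added example, not code from this thread or from OpenBSD; it installs a client's local.pub on the server at that path so that ca_getreq can find it. PUBKEYS_ROOT (default /etc/iked/pubkeys) and the PEM header check (local.pub is assumed to be a PEM public key) are assumptions of the example.

```shell
#!/bin/sh
# Added example: install a roadwarrior's public key where iked looks it up.
# Layout per iked(8): $PUBKEYS_ROOT/<idtype>/<identifier>, e.g.
#   /etc/iked/pubkeys/fqdn/roadwarrior
#   /etc/iked/pubkeys/ipv4/10.0.5.2
# The file name IS the identifier; a directory named after the identifier
# holding a local.pub inside it will not be found.

PUBKEYS_ROOT="${PUBKEYS_ROOT:-/etc/iked/pubkeys}"   # assumption: overridable for testing

# pubkey_path TYPE ID
# Prints the path iked consults for identity TYPE/ID; fails on unknown types.
pubkey_path() {
    case "$1" in
        fqdn|ufqdn|ipv4|ipv6) printf '%s/%s/%s\n' "$PUBKEYS_ROOT" "$1" "$2" ;;
        *) echo "pubkey_path: unknown identifier type '$1'" >&2; return 1 ;;
    esac
}

# is_pem_pubkey FILE
# Succeeds if FILE starts with a PEM public-key header (assumption: local.pub is PEM).
is_pem_pubkey() {
    [ -f "$1" ] && head -n 1 "$1" | grep -q '^-----BEGIN .*PUBLIC KEY-----$'
}

# install_pubkey TYPE ID SRC
# Copies SRC to the expected path as a 0644 file. Refuses non-PEM input and
# refuses to overwrite a directory sitting where the key file should be.
install_pubkey() {
    dst=$(pubkey_path "$1" "$2") || return 1
    is_pem_pubkey "$3" || { echo "install_pubkey: $3 is not a PEM public key" >&2; return 1; }
    if [ -d "$dst" ]; then
        echo "install_pubkey: $dst is a directory; iked expects a file named '$2'" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dst")" && cp "$3" "$dst" && chmod 0644 "$dst"
}

# Usage on the server, after scp'ing the client's /etc/iked/local.pub here:
#   install_pubkey fqdn roadwarrior ./roadwarrior.local.pub
# The TYPE/ID pair must match the id the client sends (FQDN/roadwarrior in
# the log above), otherwise the lookup fails and the server rejects IKE_AUTH.
```

Restart or reload iked on the server after installing the key, and check the client still presents the same identity (the `srcid` in its policy) as the file name you chose.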