IPSEC con selection fail.

Started by xupetas, June 06, 2019, 10:19:30 AM

June 06, 2019, 10:19:30 AM Last Edit: June 06, 2019, 10:22:11 AM by xupetas
Hello,

I think I might be doing something wrong here.

I have two IPsec phase 1 selections:

conn con1
  aggressive = yes
  fragmentation = yes
  keyexchange = ikev1
  mobike = yes
  reauth = yes
  rekey = yes
  forceencaps = yes
  installpolicy = yes
  type = tunnel
  dpdaction = none
  left = %any
  right = %any
 
  leftid = con1@vpn
  ikelifetime = 1500000000s
  lifetime = 360000s
  rightsourceip = 172.16.8.0/24
  ike = aes128-sha1-modp1024!
  leftauth = psk
  rightauth = psk
  rightauth2 = xauth-pam
  leftsubnet = 0.0.0.0/0
  esp = aes128-sha1!
  auto = add

conn con2
  aggressive = yes
  fragmentation = yes
  keyexchange = ikev1
  mobike = yes
  reauth = yes
  rekey = yes
  forceencaps = no
  installpolicy = no
  type = tunnel
  dpdaction = none
  left = %any
  right = %any
 
  leftid = con2@vpn
  ikelifetime = 28800s
  lifetime = 3600s
  rightsourceip = 172.16.8.0/24
  ike = aes128-sha1-modp1024!
  leftauth = psk
  rightauth = psk
  rightauth2 = xauth-pam
  leftsubnet = 0.0.0.0/0
  esp = aes128-sha1!
  auto = add


Why does it then always select CON1, with every possible option in the identifier section: Distinguished name, User distinguished name, ASN.1 dist. name, KeyID tag?

Error:

With shared secret for CON1:

charon: 11[CFG] <6> looking for XAuthInitPSK peer configs matching 10.0.1.1...X.X.XX.X[con1@vpn]
charon: 11[CFG] <6> selected peer config "con1"

With shared secret for CON2:

charon: 11[CFG] <6> looking for XAuthInitPSK peer configs matching 10.0.1.1...X.X.XX.X[con2@vpn]
charon: 11[CFG] <6> selected peer config "con1"

What am I doing wrong? Why does it always default back to con1?

Thanks for an uber product!
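An added checker, not part of the post or of strongSwan, that pairs charon's "looking for ... peer configs matching ...[id]" line with the following "selected peer config" line and compares the bracketed identity against the leftid/rightid of the conn that was chosen, so a selection like the con2@vpn case above is flagged; the ipsec.conf fragment and log lines are constructed from the post.

```python
import re
# Constructed ipsec.conf fragment: the identity keys of the two conns from the post
# (neither sets rightid, exactly as posted); left/right = %any omitted for brevity.
IPSEC_CONF = """\
conn con1
  leftid = con1@vpn
conn con2
  leftid = con2@vpn
"""
# charon log lines as quoted in the post (addresses masked by the poster).
CHARON_LOG = """\
charon: 11[CFG] <6> looking for XAuthInitPSK peer configs matching 10.0.1.1...X.X.XX.X[con1@vpn]
charon: 11[CFG] <6> selected peer config "con1"
charon: 11[CFG] <6> looking for XAuthInitPSK peer configs matching 10.0.1.1...X.X.XX.X[con2@vpn]
charon: 11[CFG] <6> selected peer config "con1"
"""
LOOKING = re.compile(r'peer configs matching \S+?\.\.\.[^\s\[]+\[(?P<peer_id>[^\]]+)\]')
SELECTED = re.compile(r'selected peer config "(?P<conn>[^"]+)"')

def parse_conns(text):
    """Parse 'conn NAME' blocks of an ipsec.conf fragment into {name: {key: value}}."""
    conns, current = {}, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith('conn '):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif current is not None and '=' in line and not line.startswith('#'):
            key, value = (part.strip() for part in line.split('=', 1))
            conns[current][key] = value
    return conns

def identities(conn):
    """Identities a conn block is configured for (leftid/rightid, when set)."""
    return {conn.get('leftid'), conn.get('rightid')} - {None}

def check_selection(conf_text, log_text):
    """Return (peer_id, selected_conn, id_matches_selected, conns_configured_for_id) per lookup."""
    conns = parse_conns(conf_text)
    findings, pending_id = [], None
    for line in log_text.splitlines():
        if (m := LOOKING.search(line)):
            pending_id = m.group('peer_id')   # identity charon is trying to match
        elif (m := SELECTED.search(line)) and pending_id is not None:
            selected = m.group('conn')
            carriers = sorted(n for n, c in conns.items() if pending_id in identities(c))
            matches = pending_id in identities(conns.get(selected, {}))
            findings.append((pending_id, selected, matches, carriers))
            pending_id = None
    return findings
```

Feeding it a full charon log and the complete ipsec.conf lists every lookup where the chosen conn does not carry the identity that was being matched.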