IPSEC RoadWarrior - "no matching peer config found"


Post by exile183 » September 22nd, 2018, 9:48 pm

Hey gang,

So I've been bashing my head against a brick wall trying to get this to work. Host-to-Net "Roadwarrior" configuration. I've created the root certificate on IPFIRE as well as a client certificate. I followed the instructions on the wiki for setting this up on Windows 10 (note: these instructions are quite a bit out of date, as many of the procedures don't apply to Windows 10 and they are missing the crucial step of also importing the root certificate) and everything is *ALMOST* working. My client Windows 10 computer is indeed initiating a connection to IPFIRE but the IPSEC log says "no matching peer config found" - which is confounding.

Here's the relevant log for the connection attempt. Anything jump out at you?


15:38:18 charon: 01[NET] sending packet: from 184.71.229.222[4500] to 199.7.159.38[62156] (80 bytes)
15:38:18 charon: 01[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
15:38:18 charon: 01[IKE] peer supports MOBIKE
15:38:18 charon: 01[CFG] no matching peer config found
15:38:18 charon: 01[CFG] looking for peer configs matching 184.71.229.222[%any]...199.7.159.38[192.168.43.191]
15:38:18 charon: 01[IKE] received 51 cert requests for an unknown ca
15:38:18 charon: 01[IKE] received cert request for "C=CA, ST=AB, L=Calgary, O=JoeyNet, CN=JoeyNet CA, E=joey@lindstrom.ca"
15:38:18 charon: 01[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
15:38:18 charon: 01[ENC] received fragment #3 of 3, reassembling fragmented IKE message
15:38:18 charon: 01[ENC] parsed IKE_AUTH request 1 [ EF(3/3) ]
15:38:18 charon: 01[NET] received packet: from 199.7.159.38[62156] to 184.71.229.222[4500] (500 bytes)
15:38:18 charon: 05[ENC] received fragment #2 of 3, waiting for complete IKE message
15:38:18 charon: 05[ENC] parsed IKE_AUTH request 1 [ EF(2/3) ]
15:38:18 charon: 05[NET] received packet: from 199.7.159.38[62156] to 184.71.229.222[4500] (580 bytes)
15:38:18 charon: 13[ENC] received fragment #1 of 3, waiting for complete IKE message
15:38:18 charon: 13[ENC] parsed IKE_AUTH request 1 [ EF(1/3) ]
15:38:18 charon: 13[NET] received packet: from 199.7.159.38[62156] to 184.71.229.222[4500] (580 bytes)
15:38:18 charon: 12[NET] sending packet: from 184.71.229.222[500] to 199.7.159.38[43386] (345 bytes)
15:38:18 charon: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
15:38:18 charon: 12[IKE] sending cert request for "C=CA, ST=AB, L=Calgary, O=JoeyNet, CN=JoeyNet CA, E=joey@lindstrom.ca"
15:38:18 charon: 12[IKE] remote host is behind NAT
15:38:18 charon: 12[IKE] 199.7.159.38 is initiating an IKE_SA
15:38:18 charon: 12[IKE] 199.7.159.38 is initiating an IKE_SA
15:38:18 charon: 12[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
15:38:18 charon: 12[IKE] received Vid-Initial-Contact vendor ID
15:38:18 charon: 12[IKE] received MS-Negotiation Discovery Capable vendor ID
15:38:18 charon: 12[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
15:38:18 charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
15:38:18 charon: 12[NET] received packet: from 199.7.159.38[43386] to 184.71.229.222[500] (1104 bytes)
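
Added example (not part of the original post, and not IPFire or strongSwan code): a small Python parser run over five lines of the log above, pulling out the identity pair charon searched for before reporting "no matching peer config found". charon prints that line as local-address[local ID]...remote-address[remote ID]; the function and field names are invented for this example.

```python
import ipaddress
import re

# Five lines copied from the log in the post (wrap artifacts removed), newest first.
SAMPLE_LOG = """\
15:38:18 charon: 01[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
15:38:18 charon: 01[CFG] no matching peer config found
15:38:18 charon: 01[CFG] looking for peer configs matching 184.71.229.222[%any]...199.7.159.38[192.168.43.191]
15:38:18 charon: 01[IKE] received 51 cert requests for an unknown ca
15:38:18 charon: 12[IKE] remote host is behind NAT
"""

LINE_RE = re.compile(r"^\S+ charon: \d+\[(\w+)\] (.*)$")
PEER_RE = re.compile(r"looking for peer configs matching "
                     r"(\S+?)\[(.*?)\]\.\.\.(\S+?)\[(.*)\]$")
CERTREQ_RE = re.compile(r"received (\d+) cert requests for an unknown ca")

def id_kind(identity):
    """Classify an IKE identity string as printed by charon."""
    if identity == "%any":
        return "any"
    try:
        addr = ipaddress.ip_address(identity)
    except ValueError:
        return "dn" if "=" in identity else "other"
    return "private-ip" if addr.is_private else "public-ip"

def summarize(log_text):
    """Walk the log oldest-first and collect the facts around the failed lookup."""
    s = {"nat": False, "unknown_ca_certreqs": 0, "local_id": None,
         "remote_id": None, "remote_id_kind": None,
         "config_found": None, "auth_failed": False}
    for line in reversed(log_text.strip().splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group(2)
        if msg == "remote host is behind NAT":
            s["nat"] = True
        elif (c := CERTREQ_RE.search(msg)):
            s["unknown_ca_certreqs"] = int(c.group(1))
        elif (p := PEER_RE.search(msg)):
            s["local_id"], s["remote_id"] = p.group(2), p.group(4)
            s["remote_id_kind"] = id_kind(p.group(4))
        elif msg == "no matching peer config found":
            s["config_found"] = False
        elif "N(AUTH_FAILED)" in msg:
            s["auth_failed"] = True
    return s

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log the remote ID is classified as `private-ip`: the initiator identified itself as 192.168.43.191 rather than by a certificate subject, and that is the identity charon tried to match against its configured connections.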
