IPSec IKEv2 with certificate (client to site) with StrongSwan under NAT (LOCAL IP MISMATCH)
Freshman Member
Hello,
i'm trying to configure an IPSEC IKEv2 VPN with certificate (client to site, without L2TP).
The server is an ATP the client in an android device with StrongSwan.
The firewall is under a router (and i feel that this is the problem since the same configuration works in other places where the firewall is directly responsible of the internet connection), the router is set to forward anything to the firewall (DMZ).
The error is LOCAL IP MISMATCH:
in the strongswan log the most relevant entries are:
invalid notify data lenght for NO__PROPOSAL_CHOSEN (48)
notify verification failed
could not decrypt payloads
message verification failed
IKE_AUTH response with message ID 1 processing failed"
PHASE 1:
PHASE 2:
Any hint?
@PeterUK i fell you have the solution, is it?
All Replies
-
You seem to of used a subnet 0.0.0.0/0 try host 0.0.0.0 for local policy
0
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
