IPSec IKEv2 with certificate (client to site) with StrongSwan under NAT (LOCAL IP MISMATCH)
Hello,
i'm trying to configure an IPSEC IKEv2 VPN with certificate (client to site, without L2TP).
The server is an ATP the client in an android device with StrongSwan.
The firewall is under a router (and i feel that this is the problem since the same configuration works in other places where the firewall is directly responsible of the internet connection), the router is set to forward anything to the firewall (DMZ).
The error is LOCAL IP MISMATCH:
in the strongswan log the most relevant entries are:
invalid notify data lenght for NO__PROPOSAL_CHOSEN (48)
notify verification failed
could not decrypt payloads
message verification failed
IKE_AUTH response with message ID 1 processing failed"
PHASE 1:
PHASE 2:
Any hint?
@PeterUK i fell you have the solution, is it?
All Replies
-
You seem to of used a subnet 0.0.0.0/0 try host 0.0.0.0 for local policy
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight