Пытаюсь поднять IPSEc между дешевым ADSL-модемом DLINK и OpenWRT+Strongswan.Вот что имею:
--------
# ipsec.conf - strongSwan IPsec configuration file
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
authby=secret
conn net-net
authby=psk
left=193.22.141.1
leftsubnet=10.9.11.0/24
leftfirewall=yes
right=%any
rightsubnet=10.100.11.128/27
auto=add
-----
# /etc/ipsec.secrets - strongSwan IPsec secrets file
193.22.141.1 %any : PSK SecretKey123
------
И вот что получаю:
loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 00[CFG] loaded IKE secret for 193.41.143.43 %any
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 00[JOB] spawning 16 worker threads
Nov 18 16:04:37 rss-router-01 authpriv.info ipsec_starter[10179]: charon (10180) started after 20 ms
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 13[CFG] received stroke: add connection 'net-net'
Nov 18 16:04:37 rss-router-01 daemon.info syslog: 13[CFG] added configuration 'net-net'
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 15[NET] received packet: from 109.252.143.31[500] to 193.41.143.43[500]
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 15[ENC] parsed ID_PROT request 0 [ SA ]
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 15[IKE] 109.252.143.31 is initiating a Main Mode IKE_SA
Nov 18 16:04:39 rss-router-01 authpriv.info syslog: 15[IKE] 109.252.143.31 is initiating a Main Mode IKE_SA
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 15[ENC] generating ID_PROT response 0 [ SA V V V ]
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 15[NET] sending packet: from 193.41.143.43[500] to 109.252.143.31[500]
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 16[NET] received packet: from 109.252.143.31[500] to 193.41.143.43[500]
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 16[ENC] parsed ID_PROT request 0 [ KE No ]
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 16[ENC] generating ID_PROT response 0 [ KE No ]
Nov 18 16:04:39 rss-router-01 daemon.info syslog: 16[NET] sending packet: from 193.41.143.43[500] to 109.252.143.31[500]
Nov 18 16:04:40 rss-router-01 daemon.info syslog: 05[NET] received packet: from 109.252.143.31[500] to 193.41.143.43[500]
Nov 18 16:04:40 rss-router-01 daemon.info syslog: 05[ENC] parsed ID_PROT request 0 [ ID HASH ]
Nov 18 16:04:40 rss-router-01 daemon.info syslog: 05[CFG] looking for pre-shared key peer configs matching 193.41.143.43...109.252.143.31[109.252.143.31]
Nov 18 16:04:40 rss-router-01 daemon.info syslog: 05[IKE] no peer config found
Nov 18 16:04:40 rss-router-01 daemon.info syslog: 05[ENC] generating INFORMATIONAL_V1 request 1116361755 [ HASH N(AUTH_FAILED) ]
Nov 18 16:04:40 rss-router-01 daemon.info syslog: 05[NET] sending packet: from 193.41.143.43[500] to 109.252.143.31[500]
Почему No peer config found?