linux

A new ipsec connection is not being raised, why?

Error: unable to resolve %any, initiate aborted
tried to check-in and delete nonexisting IKE_SA
establishing connection 'IPsec' failed
Config:

conn IPsec
        left=45.58.46.74   / адрес внешнего интерфейса
        leftsubnet=0.0.0.0/0
        leftid=45.58.46.74
        leftcert=fullchain.pem
        leftauth=pubkey   / говорим, что мы авторизуемся у клиент с помощью сертификата RSA

        right=%any  / к нам можно подключиться с любого IP
        rightauth=pubkey
        rightdns=8.8.8.8
        auto=add  / подключение будет инициироваться клиентом
        keyexchange=ikev2
        type=tunnel

Logs

May  5 12:31:37 Devserver charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
May  5 12:31:37 Devserver charon: 08[NET] sending packet: from 45.58.46.74[4500] to 5.31.156.60[24018] (80 bytes)
May  5 12:31:37 Devserver charon: 08[IKE] IKE_SA (unnamed)[4] state change: CONNECTING => DESTROYING

As I understand it, authorization does not pass through the key.
What could be such a typical mistake?