<div>Hi, I have a Debian box with a static public IP and remote sites using Sonicwall devices, and I want to establish a tunnel between them.</div><div>I use PSK for auth and I have a case where the tunnel is established with Openswan, but not with Strongswan (which I'd prefer to use).</div>
<div><br></div><div>This is my ipsec.conf:</div><div><br></div><div><div>----------</div><div>version 2.0</div><div>config setup</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>plutodebug=all</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>klipsdebug=all</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>#charondebug=all</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>nat_traversal=no</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>#charonstart=yes</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>#plutostart=yes</div><div><br></div><div>conn %default</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>type=tunnel</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>leftsubnet=192.168.230.0/24</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>left=LeftIP</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>leftid=LeftP</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftnexthop=LeftGW</div><div><span class="Apple-tab-span" style="white-space:pre">   </span>#keyexchange=ikev2</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>leftsourceip=192.168.230.50</div><div><span class="Apple-tab-span" style="white-space:pre">  </span>authby=secret</div><div><br></div><div>conn to-federalismo</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>auth=esp</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>ike=3des-sha1-modp1024!</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>ikelifetime=28800s</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>esp=null-sha1</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>dpdaction=clear</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>leftsourceip=192.168.230.1</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>pfs=no</div><div><span class="Apple-tab-span" style="white-space:pre">       </span>keyingtries=1</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>authby=secret</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>#right=domain1.dyndns.org</div><div><span class="Apple-tab-span" style="white-space:pre">      </span>right=%any</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>rightsubnet=192.168.110.0/24</div><div><span class="Apple-tab-span" style="white-space:pre">     </span>rightid=@domain1.dyndns.org</div>
<div><span class="Apple-tab-span" style="white-space:pre">      </span>auto=add</div><div><br></div><div>include /etc/ipsec.d/examples/no_oe.conf</div></div><div>----------</div><div><br></div><div><br></div><div>And ipsec.secrets:</div>
<div><br></div><div>------</div><div>#@domain1.dyndns.org<span class="Apple-tab-span" style="white-space:pre">      </span>IPLocal : PSK "temporal"</div><div>%any<span class="Apple-tab-span" style="white-space:pre">                               </span>IPLocal :<span class="Apple-tab-span" style="white-space:pre">   </span>PSK "temporal"</div>
------<div><br></div><div><br></div><div>Using exactly the same config files, the tunnel works with Openswan, but with Strongswan I get:</div><div><br></div><div><div>"Jan  4 16:34:08 debian pluto[22010]: "to-federalismo"[3] IPRemote #3: Can't authenticate: no preshared key found for `IPLocal' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD"</div>
<div><br></div><div>even though the ipsec.secrets file is confirmed with "ipsec rereadsecrets" successfully.</div><div><br></div><div>If I change the right parameter to "right=domain1.dyndns.org" and uncomment the corresponding ipsec.secrets file, it works with Strongswan, but only for the first tunnel; the second (another Sonicwall device with dyndns) fails to work.</div>
<div>What can I do for Strongswan to accept the "right=%any" option? I tried enabling charon and it didn't work either.</div><div><br></div><div>Regards,</div><div><br></div><br>Omar<br>
</div>