<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
since only a single common PSK can be used with IKEv1 Main Mode<br>
and dynamic IP addresses, why don't you just define<br>
<br>
: PSK "temporal"<br>
<br></blockquote><div><br></div><div>Hi, when I use the above PSK setup, the first tunnel works, but for the second, with identical dynamic configuration on the remote site and , I get:</div><div><br></div><div>"initial Main Mode message received on 200.38.56.150:500 but no connection has been authorized with policy=PSK"</div>
<div><br></div><div>In ipsec.conf I have this for both remote sites:</div><div><br></div><div><div>conn site1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>#keyexchange=ikev1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auth=esp</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>ike=3des-sha1-modp1024</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ikelifetime=28800s</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>esp=null-sha1</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>dpdaction=clear</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsourceip=192.168.230.1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>pfs=no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>keyingtries=1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>authby=secret</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>#right=site1.dyndns.org</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>right=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightsubnet=192.168.110.0/24</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>rightid=@site1.dyndns.org</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>#rightid=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto=add</div>
<div><br></div><div>conn to-mariano-otero</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>#keyexchange=ikev1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auth=esp</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>ike=3des-sha1-modp1024</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ikelifetime=28800s</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>esp=null-sha1</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>dpdaction=clear</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsourceip=192.168.230.1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>pfs=no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>keyingtries=1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>authby=secret</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>#right=mariano-otero.dyndns.org</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>right=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightsubnet=192.168.111.0/24</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>rightid=@mariano-otero.dyndns.org</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto=add</div>
</div><div><br></div><div><br></div><div>And when I try with IKEv2 (enabling charonstart and charondebug=all) on strongSwan and the remote devices, the same happens: only one tunnel is established.</div><div>By the way, I get almost no debug information with charon, just a line saying:</div>
<div><br></div><div>"Jan 4 22:09:18 debian charon: 10[IKE] RemoteIP is initiating an IKE_SA"</div><div><br></div><div>Is this normal?</div><div><br></div><div>Any idea why I can't make more tunnels work? On this latter setup the SonicWall log reads "invalid payload".</div>
<div> </div></div><br>-- <br>Omar<br>