<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body smarttemplateinserted="true" bgcolor="#FFFFFF" text="#000000">
<div id="smartTemplate4-template">Here is an example of the first line of our ipsec.secrets file:<br>
<br>
[root@vpc2-ipsec-1-121 ~]# cat /etc/ipsec.secrets <br>
204.77.193.133 : PSK 99c10XXd0weo0023802pdnikfe0002o2l<br>
<br>
All of the PSKs do NOT have "s.<br>
<br>
<Remote Peer ID> : PSK <PSK_VALUE><br>
<br>
<br>
I noticed you were using ipsecure.secrets? Was that a typo? it ipsec.secrets. Please set leftid and rightid to be names of your local and remote peers respectively. That is how the ipsec.secrets file makes a correlation to a connection setup in your conf
file.<br>
</div>
<br>
<div id="smartTemplate4-quoteHeader">
<hr>
<br>
<b>From:</b> Noel Kuntze <a class="moz-txt-link-rfc2396E" href="mailto:noel@familie-kuntze.de">
<noel@familie-kuntze.de></a><br>
<b>Sent:</b> Wednesday, November 20, 2013 13:23<br>
<b>To:</b> ilyas Guennoun <a class="moz-txt-link-rfc2396E" href="mailto:elsa.watson-fzy8fw2@yopmail.com">
<elsa.watson-fzy8fw2@yopmail.com></a>, <a class="moz-txt-link-abbreviated" href="mailto:users@lists.strongswan.org">
users@lists.strongswan.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:users@lists.strongswan.org">
<users@lists.strongswan.org></a>, <a class="moz-txt-link-abbreviated" href="mailto:izz.abdullah@wepanow.com">
izz.abdullah@wepanow.com</a> <a class="moz-txt-link-rfc2396E" href="mailto:izz.abdullah@wepanow.com">
<izz.abdullah@wepanow.com></a><br>
<b>Subject: </b>Re: [strongSwan] recurring problem of PSK, but cannot spot the error<br>
<br>
</div>
<pre wrap="">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Ilyas,
You need to put "s around the password.
Regards
Noel Kuntze
On 20.11.2013 20:21, ilyas Guennoun wrote:
</pre>
<blockquote type="cite">
<pre wrap="">So I set debug level to 4 for ike, kernel, config and network
I removed the ids to keep the minimum configuration (for better understanding) so I used IP adresses only.
conn cisco_home
left=192.168.168.152
leftsubnet=169.254.229.0/24
leftauth=psk
right=192.168.168.161
rightsubnet=192.168.15.0/24
rightauth=psk
type=tunnel
ike=aes128-sha1-modp1024
esp=aes128-sha1
auto=add
and ipsecure.secrets
192.168.168.152 192.168.168.161 : PSK password
include /var/lib/strongswan/ipsec.secrets.inc
BUT, i have the error when removing the quotes
$ ipsec secrets
002 loading secrets from "/etc/ipsec.secrets"
002 loaded PSK secret for 192.168.168.152 192.168.168.161
003 "/etc/ipsec.secrets" line 10: PSK data malformed (input does not begin with format prefix): password
002 loading secrets from "/var/lib/strongswan/ipsec.secrets.inc"
the version I am using
$ ipsec version
Linux strongSwan U4.5.2/K3.2.0-29-generic-pae
latest in ubuntu repo
*
From:* Izz Abdullah <a class="moz-txt-link-rfc2396E" href="mailto:izz.abdullah@wepanow.com"><izz.abdullah@wepanow.com></a>
*Sent:* Wednesday, November 20, 2013 10:52
*To:* <a class="moz-txt-link-abbreviated" href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:users@lists.strongswan.org"><users@lists.strongswan.org></a>
*Subject: *Re: [strongSwan] recurring problem of PSK, but cannot spot the error
I ran into this same problem when I first setup strongSwan. The ipsec.secrets file is in the format like so:
RemoteID : PSK PSK_VALUE
192.168.168.161 : PSK password
No need for quotes, and since your ID of the remote peer is the same as the IP, then the above should work.
*Izz Abdullah*
/Senior Systems Engineer/
<a class="moz-txt-link-abbreviated" href="mailto:Izz.Abdullah@wepanow.com">Izz.Abdullah@wepanow.com</a> <a class="moz-txt-link-rfc2396E" href="mailto:izz.abdullah@wepanow.com"><mailto:izz.abdullah@wepanow.com></a>
205.605.6039 Office
800.675.7639 Toll Free
<a class="moz-txt-link-abbreviated" href="http://www.wepanow.com">www.wepanow.com</a>
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a>
</pre>
</blockquote>
<pre wrap="">-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - <a class="moz-txt-link-freetext" href="http://www.enigmail.net/">http://www.enigmail.net/</a>
iQIcBAEBCAAGBQJSjQwTAAoJEDg5KY9j7GZYLhgP/RVX2PH74O1nu7ftI97/PFc7
OHSMXdDsfcld0QzKGDzQBKMKERFuRE688au7xPtpkno8S070eVSZmtSLrRbZDGJk
5hE8idCQ6H1vR/cSlxCt5XQodLt7/1haQgHFKZfTsITVEjyQhZhojtjG7VoZF5nk
jeyKcf/r9trazcdSFgElDSggyOUvb3MqootqWw1S/j9iSLoILLLdHnpVEWZvSrql
QaanSNPEMOwH09GK0zhc838A4rSCYAAwF31ZZR4x8CcN0wr01x20DncvzdQ7S0BT
z1AeHyPQFVuODGx9eltlgK15PytBgNQ1hJnG0rNXDum7xOVYU9vpd8Xvampw0T1y
Y2aV2gjU/94IgMrDSPaODh2llYlqjbvEAQJOTZ12w34+5tg4LcyAEFqQwQelmbyk
x3egYQjf4fzkT/4bhdsfiG7HEp2QF/CL+oYv+VZeH7r4/L2Wdpe43SeELfxpo7VW
bDC4vwVzj1bsKB2kiT4hTWmvVeM41k/dUdnmFr0C+CQQ48VyCBgL82oYPF4XbC/J
Df+PSLav7em+ossMsq50EWa22btm3DaAKsWp7oy+vSlc8lMrVHs+jk3J4hFKiP5B
PBhKXUfu36jLckNi7vqZVAXnNaTOuP6pdm1+L/3LKNLNuSZBfYKVDtOxliQoV8+Y
9LSJ3pnp1Zx4cKPHr/zW
=6HV0
-----END PGP SIGNATURE-----
</pre>
<br>
</body>
</html>