<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi all<br>I am new on StrongSwan, so I may be missing something so obvious, but I spent several hours with no progress<br><br>I have installed a Strongswan instance and I am trying to connect it to a cisco router for SME<br>I control both of them.<br>My strongSwan instance runs in a virtualbox VM but has an interface on my "real" network 192.168.168.x and another interface to simulate a local network 169.254.229.x<br><br>I am trying to create a IP SEC tunnel, with preshared key but I have the following error<br>Nov 20 16:29:32 ubuntu pluto[4932]: packet from 192.168.168.161:500: initial Main Mode message received on 192.168.168.152:500 but no connection has been authorized with policy=PSK<br><br>PSK preshared key defined as follow<br><br>---<br>$ more /etc/ipsec.secrets<br>192.168.168.152 192.168.168.161 : PSK "password"<br>include /var/lib/strongswan/ipsec.secrets.inc<br>---<br><br>All my search results indicate that whether ipsec.secrets is not defined well or the preshared key is wrong.<br>the key is too simple to have an error and the ipsec.secrets file bellow seems fine for me and does not indicate any error when typing $ipsec secrets<br><br>ip sec status is as follow<br>---<br>$ sudo ipsec statusall<br>000 Status of IKEv1 pluto daemon (strongSwan 4.5.2):<br>000 interface eth0/eth0 2a01:e35:8a29:50d0:a00:27ff:feab:e49:500<br>000 interface eth0/eth0 2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8:500<br>000 interface lo/lo ::1:500<br>000 interface lo/lo 127.0.0.1:500<br>000 interface eth0/eth0 192.168.168.152:500<br>000 interface eth1/eth1 169.254.229.110:500<br>000 %myid = '%any'<br>000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve<br>000 debug options: raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore<br>000<br>Status of IKEv2 charon daemon (strongSwan 4.5.2):<br> uptime: 7 minutes, since Nov 20 16:16:34 2013<br> malloc: sbrk 241664, mmap 0, used 136456, free 105208<br> worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0<br> loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock<br>Listening IP addresses:<br> 192.168.168.152<br> 2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8<br> 2a01:e35:8a29:50d0:a00:27ff:feab:e49<br> 169.254.229.110<br>Connections:<br> cisco_home: 192.168.168.152...192.168.168.161<br> cisco_home: local: [swan] uses pre-shared key authentication<br> cisco_home: remote: [cisco] uses pre-shared key authentication<br> cisco_home: child: 169.254.229.0/24 === 192.168.15.0/24<br>Security Associations:<br> none<br><br> </div></body>
</html>