<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:10px"><div><span>Thanks Noel, for your valuable input.</span></div><div><br><span></span></div><div><span>Regards</span></div><div id="yui_3_16_0_1_1438870072975_4536"><span>Ashok</span></div>  <br><div class="qtdSeparateBR"><br><br></div><div style="display: block;" class="yahoo_quoted"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 10px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;"> <div dir="ltr"> <font face="Arial" size="2"> On Thursday, 6 August 2015 9:21 AM, Noel Kuntze &lt;noel@familie-kuntze.de&gt; wrote:<br> </font> </div>  <br><br> <div class="y_msg_container"><br clear="none">-----BEGIN PGP SIGNED MESSAGE-----<br clear="none">Hash: SHA256<br clear="none"><br clear="none">Hello Ashok,<br clear="none"><br clear="none">No, I mean that the default values for the different<br clear="none">settings are supposed to be defined in "conn %default",<br clear="none">not "conn default".<br clear="none">The first conn name sets the default values, but the second<br clear="none">name declares a conn called "default"; it doesn't set any default values.<br clear="none">"authby=secret" is the same as "leftauth=psk" and "rightauth=psk".<br clear="none">"authby" is deprecated. Use "leftauth" and "rightauth".<br clear="none"><br clear="none">Kind Regards,<br clear="none">Noel Kuntze<br clear="none"><br clear="none">GPG Key ID: 0x63EC6658<br clear="none">Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br clear="none"><br clear="none">On 05.08.2015 at 11:11, ashok kj wrote:<br clear="none">> Thanks Noel for the reply. 
So do you mean that "authby=secret" is the same as "left | rightauth=psk"?<br clear="none">><br clear="none">> Regards<br clear="none">> Ashok<br clear="none">><br clear="none">><br clear="none">><br clear="none">> On Tuesday, 4 August 2015 5:18 PM, Noel Kuntze &lt;<a shape="rect" ymailto="mailto:noel@familie-kuntze.de" href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>&gt; wrote:<br clear="none">><br clear="none">><br clear="none">><br clear="none">> Hello Ashok<br clear="none">><br clear="none">> conn %default != conn default<br clear="none">><br clear="none">> Kind Regards,<br clear="none">> Noel Kuntze<br clear="none">><br clear="none">> GPG Key ID: 0x63EC6658<br clear="none">> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br clear="none">><br clear="none">> On 04.08.2015 at 12:05, ashok kj wrote:<br clear="none">> > Thanks Tobias,<br clear="none">><br clear="none">> > I was under the impression authby=secret will be the same as left|rightauth=psk.<br clear="none">> > Thanks for your perfect shot.<br clear="none">><br clear="none">> > Regards<br clear="none">> > Ashok<br clear="none">><br clear="none">><br clear="none">><br clear="none">> > On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner &lt;<a shape="rect" ymailto="mailto:tobias@strongswan.org" href="mailto:tobias@strongswan.org">tobias@strongswan.org</a>&gt; wrote:<br clear="none">><br clear="none">><br clear="none">> > Hi Ashok,<br clear="none">><br clear="none">> > > I am trying to establish a simple PSK IPsec session between 2 Ubuntu systems.<br clear="none">> > ><br clear="none">> > > ...<br clear="none">> > > Aug  3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for 'moon.strongswan.org'<br clear="none">> > > ...<br clear="none">> > ><br clear="none">> > > May I know what I am missing?<br clear="none">><br clear="none">> > A 
lesson in reading the log and status output perhaps ;-)  The log<br clear="none">> > message above indicates that the daemon does not find a _private_ key,<br clear="none">> > not a _shared_ key.  That's because the connection is set to use public<br clear="none">> > key authentication, not pre-shared key authentication, as can be seen in<br clear="none">> > the output here:<br clear="none">><br clear="none">> > > root@user-Lenovo-Product:/home/user# ipsec statusall<br clear="none">> > > ...<br clear="none">> > >        home:  192.168.1.5...192.168.1.16  IKEv1/2<br clear="none">> > >        home:  local:  [moon.strongswan.org] uses public key authentication<br clear="none">> > >        home:  remote: [ashok@strongswan.org] uses public key authentication<br clear="none">><br clear="none">> > This is, of course, due to the `left|rightauth=psk` options you<br clear="none">> > commented out in ipsec.conf (the default is `pubkey`):<br clear="none">><br clear="none">><br clear="none">> > > conn home<br clear="none">> > >  
      left=192.168.1.5<br clear="none">> > >        leftid=@moon.strongswan.org<br clear="none">> > > #        leftauth=psk<br clear="none">> > > #      leftauth=pubkey<br clear="none">> > >        leftsubnet=192.168.1.5/32<br clear="none">> > >        leftfirewall=yes<br clear="none">> > >        right=192.168.1.16<br clear="none">> > >        rightid=ashok@strongswan.org<br clear="none">><br clear="none">> > >        rightsubnet=192.168.1.16/32<br clear="none">> > > #        rightauth=psk<br clear="none">> > >        ike=3des-md5-modp768!<br clear="none">> > >        esp=aes128-sha1-modp1024!<br clear="none">> > > #        auto=add<br clear="none">> > >        auto=start<br clear="none">><br clear="none">> > Regards,<br clear="none">><br clear="none">> > Tobias<br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none">> > _______________________________________________<br clear="none">> > Users mailing list<br clear="none">> > <a shape="rect" ymailto="mailto:Users@lists.strongswan.org" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br clear="none">> > <a shape="rect" href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br clear="none">><br clear="none">><br clear="none">><br 
clear="none">><br clear="none">><br clear="none"><br clear="none"><div class="yqt4177099471" id="yqtfd70878"><br clear="none"></div><br><br></div>  </div> </div>  </div></div></body></html>
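Added example, not part of the original messages or of strongSwan: a small Python check that resolves which authentication method each conn ends up with, following the three points made in the thread (only `conn %default` is inherited, `authby=secret` equals `leftauth=psk`/`rightauth=psk`, and the default is `pubkey`). The sample config is constructed from the one quoted above; `parse`, `effective_auth` and `lint` are hypothetical helper names, `also=` includes are not handled, and the precedence of explicit `leftauth`/`rightauth` over `authby` is an assumption.

```python
# Constructed sample modelled on the thread: "conn default" (no %) carries
# authby=secret, and conn home has its leftauth/rightauth lines commented out.
SAMPLE = """\
conn default
        authby=secret

conn home
        left=192.168.1.5
        leftid=@moon.strongswan.org
#        leftauth=psk
        right=192.168.1.16
        rightid=ashok@strongswan.org
#        rightauth=psk
"""

def parse(text):
    """Return {conn name: {option: value}} for the conn sections of ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line:
            continue
        if not line[0].isspace():                     # section header starts in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def effective_auth(conns, name):
    """Resolve (leftauth, rightauth) for one conn as the thread describes it."""
    merged = {**conns.get("%default", {}), **conns[name]}   # only %default is inherited
    legacy = merged.get("authby")
    legacy = "psk" if legacy == "secret" else legacy        # authby=secret means psk
    # Assumption: an explicit leftauth/rightauth takes precedence over authby.
    return tuple(merged.get(s + "auth") or legacy or "pubkey" for s in ("left", "right"))

def lint(text):
    """List the findings discussed in the thread, one string per finding."""
    conns, findings = parse(text), []
    if "default" in conns:
        findings.append('conn "default" sets no defaults; use "conn %default"')
    for name, opts in conns.items():
        if "authby" in opts:
            findings.append(f"{name}: authby is deprecated; use leftauth/rightauth")
        if name != "%default" and effective_auth(conns, name) == ("pubkey", "pubkey"):
            findings.append(f"{name}: no auth method set, falls back to pubkey")
    return findings
```

Running `lint(SAMPLE)` reports the misnamed section, the deprecated option and the pubkey fallback on `home`; renaming the first section to `conn %default` makes `home` resolve to psk on both sides.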