<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Hi</p>
<p>We are using strongSwan on a box which should connect to another firewall.<br />strongSwan initiates the connection. We have wiresharked the packets on the receiving site and we see that strongSwan is sending XAUTH and PSK, but I have only configured it to use xauth.<br />I've also disabled XAUTH (it does not show up in the loaded modules at startup).</p>
<p>What could be the problem that makes strongSwan send PSK+XAUTH instead of only PSK?</p>
<p>ERROR:<br />initial Main Mode message received on X.X.X.X:500 but no connection has been authorized with policy=PSK+XAUTH</p>
<p>ipsec.secrets:<br />%any X.X.X.X : PSK XXXXX</p>
<p>ipsec.conf:<br />conn con1000<br />    fragmentation = yes<br />    keyexchange = ikev1<br />    reauth = yes<br />    forceencaps = no<br />    mobike = no<br />    rekey = yes<br />    installpolicy = yes<br />    type = tunnel<br />    dpdaction = restart<br />    dpddelay = 10s<br />    dpdtimeout = 60s<br />    auto = route<br />    left = X.X.X.X<br />    right = Y.Y.Y.Y<br />    leftid = X.X.X.X<br />    ikelifetime = 28800s<br />    lifetime = 3600s<br />    ike = aes256-sha1-modp1024!<br />    esp = aes256-md5,aes256-sha1,aes256-sha256,aes256-sha384,aes256-sha512,aes256-aesxcbc,aes192-md5,aes192-sha1,aes192-sha256,aes192-sha384,aes192-sha512,aes192-aesxcbc,aes128-md5,aes128-sha1,aes128-sha256,aes128-sha384,aes128-sha512,aes128-aesxcbc,aes128gcm128-md5,aes128gcm128-sha1,aes128gcm128-sha256,aes128gcm128-sha384,aes128gcm128-sha512,aes128gcm128-aesxcbc,aes128gcm96-md5,aes128gcm96-sha1,aes128gcm96-sha256,aes128gcm96-sha384,aes128gcm96-sha512,aes128gcm96-aesxcbc,aes128gcm64-md5,aes128gcm64-sha1,aes128gcm64-sha256,aes128gcm64-sha384,aes128gcm64-sha512,aes128gcm64-aesxcbc,aes192gcm128-md5,aes192gcm128-sha1,aes192gcm128-sha256,aes192gcm128-sha384,aes192gcm128-sha512,aes192gcm128-aesxcbc,aes192gcm96-md5,aes192gcm96-sha1,aes192gcm96-sha256,aes192gcm96-sha384,aes192gcm96-sha512,aes192gcm96-aesxcbc,aes192gcm64-md5,aes192gcm64-sha1,aes192gcm64-sha256,aes192gcm64-sha384,aes192gcm64-sha512,aes192gcm64-aesxcbc,aes256gcm128-md5,aes256gcm128-sha1,aes256gcm128-sha256,aes256gcm128-sha384,aes256gcm128-sha512,aes256gcm128-aesxcbc,aes256gcm96-md5,aes256gcm96-sha1,aes256gcm96-sha256,aes256gcm96-sha384,aes256gcm96-sha512,aes256gcm96-aesxcbc,aes256gcm64-md5,aes256gcm64-sha1,aes256gcm64-sha256,aes256gcm64-sha384,aes256gcm64-sha512,aes256gcm64-aesxcbc,blowfish256-md5,blowfish256-sha1,blowfish256-sha256,blowfish256-sha384,blowfish256-sha512,blowfish256-aesxcbc,blowfish192-md5,blowfish192-sha1,blowfish192-sha256,blowfish192-sha384,blowfish192-sha512,blowfish192-aesxcbc,blowfish128-md5,blowfish128-sha1,blowfish128-sha256,blowfish128-sha384,blowfish128-sha512,blowfish128-aesxcbc,3des-md5,3des-sha1,3des-sha256,3des-sha384,3des-sha512,3des-aesxcbc,cast128-md5,cast128-sha1,cast128-sha256,cast128-sha384,cast128-sha512,cast128-aesxcbc!<br />    leftauth = psk<br />    rightauth = psk<br />    rightid = Y.Y.Y.Y<br />    aggressive = no<br />    rightsubnet = A.A.A.A/26<br />    leftsubnet = B.B.B.B/24</p>
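<p>Added example, not part of the original message: one way to check which authentication settings an ipsec.conf connection ends up with once conn %default and also= sections are merged in, run on the auth-related lines of the posted conn and on a constructed variant that inherits an XAUTH round. The function names and both sample configurations are constructed for illustration, and the merge order (a conn's own keys override inherited ones) is an assumption.</p>

```python
AUTH_KEYS = ("authby", "leftauth", "rightauth", "leftauth2", "rightauth2", "xauth")
# Constructed sample: the auth-related part of the conn posted above.
PAGE_CONF = """\
conn con1000
    keyexchange = ikev1
    leftauth = psk
    rightauth = psk
"""

# Constructed, hypothetical variant: the same conn plus an inherited XAUTH round.
INHERITED_CONF = """\
conn %default
    leftauth2 = xauth
""" + PAGE_CONF

def parse_conns(text):
    """Return {conn name: {key: value, "also": [included names]}}."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header starts in column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            cur = conns.setdefault(words[1], {"also": []}) if is_conn else None
        elif cur is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "also":
                cur["also"].append(value)
            else:
                cur[key] = value
    return conns

def effective_auth(conns, name, seen=()):
    """Auth keys for a conn; own keys override also= and %default (assumed order)."""
    if name not in conns or name in seen:
        return {}
    merged = {}
    if not seen and name != "%default":
        merged.update(effective_auth(conns, "%default", (name,)))
    for included in conns[name]["also"]:
        merged.update(effective_auth(conns, included, seen + (name,)))
    merged.update({k: v for k, v in conns[name].items() if k in AUTH_KEYS})
    return merged

def requests_xauth(auth):
    """True if any effective auth value names an XAUTH method."""
    return any(v.lower().startswith("xauth") for v in auth.values())
```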
</body></html>