[strongSwan] ipsec.secrets not read properly anymore
Andreas Steffen
andreas.steffen at strongswan.org
Thu Aug 26 09:43:56 CEST 2010
Hi Niels,

the syntax of the XAUTH secret changed with 4.4.0 in order to
allow 1) multiple XAUTH secrets for a single user, 2) an
optional xauth_identity and 3) to align the IKEv1 XAUTH secret
format with the IKEv2 EAP secret format.

strongSwan version < 4.4.0

  : XAUTH <username> "<secret>"

strongSwan version >= 4.4.0

  [<servername>] <username> : XAUTH "<secret>"

Please see our examples:

http://www.strongswan.org/uml/testresults44/ikev1/xauth-rsa/

with IKEv1 user identities and

http://www.strongswan.org/uml/testresults44/ikev1/xauth-id-rsa/

with an additional XAUTH user identity.

Regards

Andreas

On 08/26/2010 08:15 AM, Niels Peen wrote:
> Hi,
>
> After upgrading from 4.3.6 to 4.4.1 (on Debian) my ipsec.secrets is not read properly anymore.
>
> My ipsec.secrets:
> ----
> : RSA combined.key.pem
> : XAUTH vpn "vpn"
> ----
>
> Output on 4.3.6:
> ----
> 002 forgetting secrets
> 002 loading secrets from "/etc/ipsec.secrets"
> 002 loaded private key from 'combined.key.pem'
> 002 loaded xauth credentials of user 'vpn'
> ----
>
> Output on 4.4.1:
> ----
> 002 forgetting secrets
> 002 loading secrets from "/etc/ipsec.secrets"
> 002 loaded private key from 'combined.key.pem'
> 002 loaded XAUTH secret for %any
> 003 "/etc/ipsec.secrets" line 2: PSK data malformed (input does not begin with format prefix): vpn
> ----
>
> I could not find any obvious changes in the changelog. Is there anything I'm missing?
>
> Thanks,
> Niels
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
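
The syntax change described in this thread can be applied to an existing file mechanically. The following is an added example, not part of the original post or of strongSwan: a small Python converter that rewrites pre-4.4.0 XAUTH lines into the 4.4.0 form and reports only line numbers, so secrets never reach a log. The function names are hypothetical, the sample input is constructed from the file quoted above, and carrying over any selector found before the colon is an assumption.

```python
import re

# Pre-4.4.0 form quoted in the thread:   : XAUTH <username> "<secret>"
# 4.4.0 form: [<servername>] <username> : XAUTH "<secret>"
OLD_XAUTH = re.compile(
    r'^(?P<indent>\s*)(?P<ids>[^:#]*?)\s*:\s*XAUTH\s+'
    r'(?P<user>"[^"]*"|[^\s"]+)\s+(?P<secret>"[^"]*")\s*$'
)

def migrate_line(line):
    """Return (line, changed). Only old-style XAUTH lines are rewritten;
    RSA lines, comments and lines already in the new form pass through."""
    m = OLD_XAUTH.match(line)
    if not m:
        return line, False
    ids = m.group("ids").strip()
    user = m.group("user")
    # Assumption: a selector that preceded the colon is kept in front
    # of the user name, matching the [<servername>] <username> order.
    selector = f"{ids} {user}" if ids else user
    new = f'{m.group("indent")}{selector} : XAUTH {m.group("secret")}'
    return new, True

def migrate_secrets(text):
    """Convert a whole ipsec.secrets body.
    Returns (new_text, [1-based numbers of the rewritten lines])."""
    out, changed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        new, did = migrate_line(line)
        out.append(new)
        if did:
            changed.append(lineno)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    # Constructed sample mirroring the file quoted in the thread.
    sample = ': RSA combined.key.pem\n: XAUTH vpn "vpn"\n'
    converted, lines = migrate_secrets(sample)
    # Report line numbers only; never echo the secret values.
    print(f"rewrote XAUTH entries on lines: {lines}")
```

Write the converted text to a new file created with the same restrictive permissions as the original ipsec.secrets, and reload the secrets to confirm the "PSK data malformed" message no longer appears.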