[strongSwan] ipsec.secrets not read properly anymore

Niels Peen niels.peen at me.com
Thu Aug 26 09:47:27 CEST 2010


Hi Andreas,

That solved things. Much appreciated!

Best regards,
Niels


On 26 Aug 2010, at 3:43 PM, Andreas Steffen wrote:

> Hi Niels,
> 
> the syntax of the XAUTH secret changed with 4.4.0 in order to
> allow 1) multiple XAUTH secrets for a single user, 2) an
> optional xauth_identity and 3) to align the IKEv1 XAUTH secret
> format with the IKEv2 EAP secret format.
> 
> strongSwan version < 4.4.0
> 
> : XAUTH <username> "<secret>"
> 
> strongSwan version >= 4.4.0
> 
> [<servername>] <username> : XAUTH "<secret>"
> 
> Please see our examples:
> 
>  http://www.strongswan.org/uml/testresults44/ikev1/xauth-rsa/
> 
> with IKEv1 user identities and
> 
> http://www.strongswan.org/uml/testresults44/ikev1/xauth-id-rsa/
> 
> with an additional XAUTH user identity.
> 
> Regards
> 
> Andreas
> 
> On 08/26/2010 08:15 AM, Niels Peen wrote:
>> Hi,
>> 
>> After upgrading from 4.3.6 to 4.4.1 (on Debian) my ipsec.secrets is not read properly anymore.
>> 
>> My ipsec.secrets:
>> ----
>> : RSA combined.key.pem
>> : XAUTH	vpn "vpn"
>> ----
>> 
>> Output on 4.3.6:
>> ----
>> 002 forgetting secrets
>> 002 loading secrets from "/etc/ipsec.secrets"
>> 002   loaded private key from 'combined.key.pem'
>> 002   loaded xauth credentials of user 'vpn'
>> ----
>> 
>> Output on 4.4.1:
>> ----
>> 002 forgetting secrets
>> 002 loading secrets from "/etc/ipsec.secrets"
>> 002   loaded private key from 'combined.key.pem'
>> 002   loaded XAUTH secret for %any
>> 003 "/etc/ipsec.secrets" line 2: PSK data malformed (input does not begin with format prefix): vpn
>> ----
>> 
>> I could not find any obvious changes in the changelog. Is there anything I'm missing?
>> 
>> Thanks,
>> Niels
>> 
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==





More information about the Users mailing list