[strongSwan] netgear fvx538 no connection has been authorized with policy=PSK full night working but no cigar

Andreas Steffen andreas.steffen at strongswan.org
Sun Dec 19 10:43:16 CET 2010 

Hello Renato,

which strongSwan version are you using? Starting with
4.5.0 the default for

  keyexchange=ike

switched from ikev1 to ikev2. Therefore pluto wouldn't
see your IKEv2 connection definition.

Regards

Andreas

On 19.12.2010 04:38, renato gallo wrote:
> please I pray you HELP.
> 
> the problem is .....
> 
> packet from 84.202.150.225:500: initial Main Mode message received on
> 192.168.0.5:500 but no connection has been authorized with policy=PSK
> 
> 
> cat ipsec.secrets
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
> : PSK "not posting the pass"
> 
> cat ipsec.conf
> # ipsec.conf - strongSwan IPsec configuration file
> 
> config setup
>         interfaces="ipsec0=eth0"
>         plutostart=yes
>         charonstart=yes
>         plutodebug=all
>         strictcrlpolicy=yes
>         nat_traversal=yes
>         klipsdebug=all
>         uniqueids=yes
> 
> conn fvx538
>         authby=secret            #tells it to use a PSK for authentication
>         type=tunnel
>         left= %defaultroute         #WAN ip address of local CC router
>         leftsubnet=192.168.0.0/24     #ip address of CC LAN subnet
>         leftnexthop=192.168.0.3     #ip address of local CC?s internet gateway
>         leftid=82.148.186.244         #WAN IP
>         right=84.202.150.225         #WAN ip address of remote netgear fvs318
>         rightnexthop=84.202.150.225        #ip address of remote netgear?s internet gateway
>         rightsubnet=10.0.0.0/24     #ip address of netear LAN subnet
>         rightid=84.202.150.225        #WAN IP
>         ike=3des-sha1-modp1024        #ike policy settings, could not get aes128 or aes256 to work
>         ikelifetime=1440m        #ike lifetime
>         keylife=480m            #key life
>         pfs=no                #pfs is off, could not get pfs working
>         keyexchange=ike            #tell it to use ike(not AH)
>         auto=start            #start when ipsec(openswan) starts
>         esp=3des-sha1            #phase 2 encryption, no pfs defined. Netgear ?VPN policy?

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list