[strongSwan] netgear fvx538 no connection has been authorized with policy=PSK full night working but no cigar

Andreas Steffen andreas.steffen at strongswan.org
Sun Dec 19 10:43:16 CET 2010

Hello Renato,

which strongSwan version are you using? Starting with
4.5.0 the default for


switched from ikev1 to ikev2. Therefore pluto wouldn't
see your IKEv2 connection definition.



On 19.12.2010 04:38, renato gallo wrote:
> please I pray you HELP.
> the problem is .....
> packet from initial Main Mode message received on
> but no connection has been authorized with policy=PSK
> cat ipsec.secrets
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
> : PSK "not posting the pass"
> cat ipsec.conf
> # ipsec.conf - strongSwan IPsec configuration file
> config setup
>         interfaces="ipsec0=eth0"
>         plutostart=yes
>         charonstart=yes
>         plutodebug=all
>         strictcrlpolicy=yes
>         nat_traversal=yes
>         klipsdebug=all
>         uniqueids=yes
> conn fvx538
>         authby=secret            #tells it to use a PSK for authentication
>         type=tunnel
>         left= %defaultroute         #WAN ip address of local CC router
>         leftsubnet=     #ip address of CC LAN subnet
>         leftnexthop=     #ip address of local CC?s internet gateway
>         leftid=         #WAN IP
>         right=         #WAN ip address of remote netgear fvs318
>         rightnexthop=        #ip address of remote netgear?s internet gateway
>         rightsubnet=     #ip address of netear LAN subnet
>         rightid=        #WAN IP
>         ike=3des-sha1-modp1024        #ike policy settings, could not get aes128 or aes256 to work
>         ikelifetime=1440m        #ike lifetime
>         keylife=480m            #key life
>         pfs=no                #pfs is off, could not get pfs working
>         keyexchange=ike            #tell it to use ike(not AH)
>         auto=start            #start when ipsec(openswan) starts
>         esp=3des-sha1            #phase 2 encryption, no pfs defined. Netgear ?VPN policy?

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list