[strongSwan] no psk found, but works on openswan
Omar Armas
omar.armas at gmail.com
Wed Jan 5 00:31:10 CET 2011
Hi, I have a Debian box with a static public IP and remote sites using
Sonicwall devices and want to establish a tunnel between them.
I use PSK for auth and I have a case where the tunnel is established with
Openswan, but not with Strongswan (which I'd prefer to use).
This is my ipsec.conf:
----------
version 2.0

config setup
    plutodebug=all
    klipsdebug=all
    #charondebug=all
    nat_traversal=no
    #charonstart=yes
    #plutostart=yes

conn %default
    type=tunnel
    leftsubnet=192.168.230.0/24
    left=LeftIP
    leftid=LeftP
    leftnexthop=LeftGW
    #keyexchange=ikev2
    leftsourceip=192.168.230.50
    authby=secret

conn to-federalismo
    auth=esp
    ike=3des-sha1-modp1024!
    ikelifetime=28800s
    esp=null-sha1
    dpdaction=clear
    leftsourceip=192.168.230.1
    pfs=no
    keyingtries=1
    authby=secret
    #right=domain1.dyndns.org
    right=%any
    rightsubnet=192.168.110.0/24
    rightid=@domain1.dyndns.org
    auto=add

include /etc/ipsec.d/examples/no_oe.conf
----------
And ipsec.secrets:
------
#@domain1.dyndns.org IPLocal : PSK "temporal"
%any IPLocal : PSK "temporal"
------
Using exactly the same config files, the tunnel works with Openswan, but
with Strongswan I get:
"Jan 4 16:34:08 debian pluto[22010]: "to-federalismo"[3] IPRemote #3: Can't
authenticate: no preshared key found for `IPLocal' and `%any'. Attribute
OAKLEY_AUTHENTICATION_METHOD"
even though the ipsec.secrets file is confirmed with "ipsec rereadsecrets"
successfully.
If I change the right parameter to "right=domain1.dyndns.org" and uncomment
the corresponding ipsec.secrets line, it works with Strongswan, but only for
the first tunnel; the second (another Sonicwall device with dyndns) fails to
work.
What can I do for Strongswan to accept the "right=%any" option? I tried
enabling charon and it didn't work either.
Regards,
Omar