[strongSwan] no psk found, but works on openswan

Omar Armas omar.armas at gmail.com
Wed Jan 5 05:18:56 CET 2011


>
>
> since only a single common PSK can be used with IKEv1 Main Mode
> and dynamic IP addresses, why don't you just define
>
> : PSK "temporal"
>
>
Hi, when I use the above PSK setup, the first tunnel works, but for the second,
with identical dynamic configuration on the remote site and , I get:

"initial Main Mode message received on 200.38.56.150:500 but no connection
has been authorized with policy=PSK"

On ipsec.conf I have this for both remote sites:

conn site1
    #keyexchange=ikev1
    auth=esp
    ike=3des-sha1-modp1024
    ikelifetime=28800s
    esp=null-sha1
    dpdaction=clear
    leftsourceip=192.168.230.1
    pfs=no
    keyingtries=1
    authby=secret
    #right=site1.dyndns.org
    right=%any
    rightsubnet=192.168.110.0/24
    rightid=@site1.dyndns.org
    #rightid=%any
    auto=add

conn to-mariano-otero
    #keyexchange=ikev1
    auth=esp
    ike=3des-sha1-modp1024
    ikelifetime=28800s
    esp=null-sha1
    dpdaction=clear
    leftsourceip=192.168.230.1
    pfs=no
    keyingtries=1
    authby=secret
    #right=mariano-otero.dyndns.org
    right=%any
    rightsubnet=192.168.111.0/24
    rightid=@mariano-otero.dyndns.org
    auto=add


And when I try with IKEv2 (enabling charonstart and charondebug=all) on
strongSwan and the remote devices, the same happens: only one tunnel is
established.
By the way, I get almost no debug information with charon, just a line
saying:

"Jan  4 22:09:18 debian charon: 10[IKE] RemoteIP is initiating an IKE_SA"

Is this normal?

Any idea why I can't make more tunnels work? On this latter setup the
SonicWall log reads "invalid payload".


-- 
Omar
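
The quoted remark that only one common PSK can serve IKEv1 Main Mode peers with dynamic addresses, modelled as an added example (not part of the original message and not strongSwan's code). It assumes HMAC-SHA1 as the prf, matching ike=3des-sha1-modp1024; the secrets table layout, keys, nonces and addresses are constructed for illustration.

```python
import hashlib
import hmac

def skeyid(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409, section 5: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()

# Constructed secrets table (hypothetical layout): selector -> PSK.
SECRETS = {
    "198.51.100.5": b"static-peer-key",         # peer with a fixed address
    "@site1.dyndns.org": b"site1-key",          # keyed by ID
    "@mariano-otero.dyndns.org": b"site2-key",  # keyed by ID
    "%any": b"temporal",                        # the common PSK
}

def main_mode_psk(peer_ip, secrets):
    """PSK a Main Mode responder can pick before message 5.

    The peer's ID arrives in message 5, encrypted under keys derived
    from SKEYID, so only the source address is usable as a selector
    at this point. ID-keyed entries cannot be consulted.
    """
    return secrets.get(peer_ip, secrets.get("%any"))

def id_payload_readable(initiator_psk, peer_ip, secrets, ni, nr):
    """True when both ends derive the same SKEYID, i.e. the responder
    would be able to decrypt the initiator's ID payload."""
    chosen = main_mode_psk(peer_ip, secrets)
    if chosen is None:
        return False
    return hmac.compare_digest(skeyid(initiator_psk, ni, nr),
                               skeyid(chosen, ni, nr))

# Constructed nonces; peer addresses below are documentation ranges.
NI, NR = bytes(range(16)), bytes(range(16, 32))

if __name__ == "__main__":
    for psk in (b"temporal", b"site1-key"):
        ok = id_payload_readable(psk, "203.0.113.7", SECRETS, NI, NR)
        print(f"dynamic peer using {psk!r}: ID payload readable = {ok}")
    ok = id_payload_readable(b"static-peer-key", "198.51.100.5",
                             SECRETS, NI, NR)
    print(f"static peer using its own key: ID payload readable = {ok}")
```

A dynamic peer that uses a per-site key fails here because the responder has to commit to a PSK before it can read the peer's ID.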