[strongSwan] no connection has been authorized with policy=PSK

Luca Salvatore Luca at ninefold.com
Tue Jul 24 02:48:08 CEST 2012


Hi,
I have seen the question asked a few times and now I'm hitting this issue.  I have a template that i use of the ipsec.conf file.  The template has worked previously but now has stopped and i get this error in the auth.log file:

"packet from 125.7.xxx.xxx:500: initial Main Mode message received on 10.45.95.224:500 but no connection has been authorized with policy=PSK"

My ipsec.conf file is:

user at ubuntu:/etc$ cat ipsec.conf
#ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
        plutodebug=all
        charonstart=yes
        nat_traversal=yes
        plutostart=yes
# Add connections here.
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=psk
conn net-net
       #Local
        left=10.45.95.224
        leftsubnet=10.45.80.0/20
        leftfirewall=yes
        #
        #Remote
        right=125.7.xxx.xxx
        rightsubnet=192.168.201.0/24
        auto=add
        #
        #IPSec
        pfs=no
        auth=esp
        esp=aes-sha
        ike=aes256-sha-modp1024
        type=tunnel

include /var/lib/strongswan/ipsec.conf.inc



ipsec.secrets file:
include /var/lib/strongswan/ipsec.secrets.inc

10.45.95.224 : PSK "crazy-strong-key"
125.7.xxx.xxx : PSK "crazy-strong-key"

Ipsec status:
etc$ sudo ipsec status
000 "net-net": 10.45.80.0/20===10.45.95.224:4500[10.45.95.224]...125.7.xxx.xxx:4500[125.7.100.225]===192.168.201.0/24; unrouted; eroute owner: #0
000 "net-net":   newest ISAKMP SA: #1; newest IPsec SA: #0;
000
000 #1: "net-net" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2662s; newest ISAKMP
000
Security Associations:
  none


Like i said, this exact configuration has worked but now for some reason has stopped.... Any help would be greatly appreciated.

Cheers,
Luca

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120724/adae5c34/attachment.html>


More information about the Users mailing list