[strongSwan] no connection has been authorized with policy=PSK
Luca Salvatore
Luca at ninefold.com
Tue Jul 24 02:48:08 CEST 2012
Hi,
I have seen the question asked a few times and now I'm hitting this issue. I have a template that i use of the ipsec.conf file. The template has worked previously but now has stopped and i get this error in the auth.log file:
"packet from 125.7.xxx.xxx:500: initial Main Mode message received on 10.45.95.224:500 but no connection has been authorized with policy=PSK"
My ipsec.conf file is:
user at ubuntu:/etc$ cat ipsec.conf
#ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
plutodebug=all
charonstart=yes
nat_traversal=yes
plutostart=yes
# Add connections here.
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=psk
conn net-net
#Local
left=10.45.95.224
leftsubnet=10.45.80.0/20
leftfirewall=yes
#
#Remote
right=125.7.xxx.xxx
rightsubnet=192.168.201.0/24
auto=add
#
#IPSec
pfs=no
auth=esp
esp=aes-sha
ike=aes256-sha-modp1024
type=tunnel
include /var/lib/strongswan/ipsec.conf.inc
ipsec.secrets file:
include /var/lib/strongswan/ipsec.secrets.inc
10.45.95.224 : PSK "crazy-strong-key"
125.7.xxx.xxx : PSK "crazy-strong-key"
Ipsec status:
etc$ sudo ipsec status
000 "net-net": 10.45.80.0/20===10.45.95.224:4500[10.45.95.224]...125.7.xxx.xxx:4500[125.7.100.225]===192.168.201.0/24; unrouted; eroute owner: #0
000 "net-net": newest ISAKMP SA: #1; newest IPsec SA: #0;
000
000 #1: "net-net" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2662s; newest ISAKMP
000
Security Associations:
none
Like i said, this exact configuration has worked but now for some reason has stopped.... Any help would be greatly appreciated.
Cheers,
Luca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120724/adae5c34/attachment.html>
More information about the Users
mailing list