[strongSwan] Choosing the left ip address automatically for charon.

Guru Shetty gurushettylists at gmail.com
Tue Oct 2 09:17:48 CEST 2012


Hello All,
 I am using strongSwan 4.5.2-1.2 (charon) and PSK authentication.
 The problem I am facing is quite straightforward. I know the remote
IP address (192.168.0.2) to put in the ipsec.conf. But I do not know
the local IP address and want it to be automatically figured out.

The ipsec.conf man page says left=%any should do the job.
But it does not. Some handshaking messages are exchanged first, but
then it errors out with the following message in the log file:

Oct  1 23:56:10 moon charon: 15[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.2[4500]
Oct  1 23:56:10 moon charon: 08[NET] received packet: from 192.168.0.2[4500] to 192.168.0.1[4500]
Oct  1 23:56:10 moon charon: 08[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Oct  1 23:56:10 moon charon: 08[IKE] received AUTHENTICATION_FAILED notify error

I know that I am missing something. Searching the archives did not
give a clear answer (I tried setting a random leftid, etc.).

My ipsec.secrets:
: PSK  "guru"

I have also tried with
%any 192.168.0.2 : PSK "guru"

Summary of my ipsec.conf:
config setup
        nat_traversal=no
        charonstart=yes
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=psk
        keyexchange=ikev2
        installpolicy=yes

conn sample-self-signed
      ike=aes-sha1-modp1024,aes-md5-modp1024
      esp=aes128gcm16-modp2048,aes-sha1-modp1024,aes-md5-modp1024
      type=transport
      left=%any
      right=192.168.0.2
      auto=start


Replacing "%any" by 192.168.0.1 works fine. But that is not what I want.
Please help.

Thanks,
Guru
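
Added example, not part of the original post: a Python script that rejoins the mail-wrapped charon lines quoted above and reports which peer sent the AUTH_FAILED notify. The sample input is the post's own log excerpt; the function names and the pairing of NET and ENC lines by charon thread number are assumptions of this example.

```python
import re

# The charon lines quoted in the post, still wrapped as the mail client left them.
SAMPLE = """\
Oct  1 23:56:10 moon charon: 15[NET] sending packet: from
192.168.0.1[4500] to 192.168.0.2[4500]
Oct  1 23:56:10 moon charon: 08[NET] received packet: from
192.168.0.2[4500] to 192.168.0.1[4500]
Oct  1 23:56:10 moon charon: 08[ENC] parsed IKE_AUTH response 1 [
N(AUTH_FAILED) ]
Oct  1 23:56:10 moon charon: 08[IKE] received AUTHENTICATION_FAILED notify error
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")   # syslog timestamp
ENTRY = re.compile(r"charon: (\d+)\[(\w+)\] (.*)$")             # thread, group, text
RECV = re.compile(r"received packet: from (\S+?)\[(\d+)\] to ")
PARSED = re.compile(r"parsed (\w+) (request|response) (\d+) \[ (.*) \]")

def unwrap(text):
    """Rejoin continuation lines (no timestamp) onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def auth_failures(text):
    """Return one dict per parsed message that carries an AUTH_FAILED notify."""
    last_recv = {}   # thread id -> source IP of the last packet it received
    failures = []
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue
        thread, group, msg = m.groups()
        if group == "NET" and (r := RECV.search(msg)):
            # Assumption: the ENC line that follows on the same thread
            # describes this packet; keep a global fallback under None.
            last_recv[thread] = last_recv[None] = r.group(1)
        elif group == "ENC" and (p := PARSED.search(msg)):
            exchange, kind, msg_id, payloads = p.groups()
            if "N(AUTH_FAILED)" in payloads.split():
                failures.append({
                    "exchange": exchange,
                    "message_id": int(msg_id),
                    "rejected_by": last_recv.get(thread, last_recv.get(None)),
                    # A response means the local host sent the request.
                    "local_role": "initiator" if kind == "response" else "responder",
                })
    return failures
```

On the excerpt above this reports an IKE_AUTH response from 192.168.0.2, so the authentication was rejected by the remote peer and its charon log is the one that records the reason.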