[strongSwan] no connection has been authorized with policy=PSK

Bonato, Stefano stefano.bonato at hp.com
Sun Dec 22 14:53:44 CET 2013 

Hi !
I have a strange situation ... PSK error ... :
" but no connection has been authorized with policy=PSK"

THANKS A LOT FOR ANY suggestion ...

Steve.
Stefano.Bonato at hp.com


AUTH.LOG:
Dec 22 13:50:26 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [strongSwan]
Dec 22 13:50:26 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [XAUTH]
Dec 22 13:50:26 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [Dead Peer Detection]
Dec 22 13:50:26 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: initial Main Mode message received on 192.168.13.3:500 but no connection has been authorized with policy=PSK

AUTH.LOG
Dec 22 13:48:25 vpn-steve-gw ipsec_starter[5637]: Starting strongSwan 4.5.2 IPsec [starter]...
Dec 22 13:48:25 vpn-steve-gw sudo: pam_unix(sudo:session): session closed for user root
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: Starting IKEv1 pluto daemon (strongSwan 4.5.2) THREADS SMARTCARD VENDORID
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: listening on interfaces:
Dec 22 13:48:25 vpn-steve-gw pluto[5656]:   eth0
Dec 22 13:48:25 vpn-steve-gw pluto[5656]:     192.168.13.3
Dec 22 13:48:25 vpn-steve-gw pluto[5656]:     fe80::f816:3eff:fe3a:9677
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve
Dec 22 13:48:25 vpn-steve-gw pluto[5656]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Dec 22 13:48:25 vpn-steve-gw ipsec_starter[5655]: pluto (5656) started after 20 ms
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: no token present in slot 18446744073709551615
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: loading ca certificates from '/etc/ipsec.d/cacerts'
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: loading aa certificates from '/etc/ipsec.d/aacerts'
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: Changing to directory '/etc/ipsec.d/crls'
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: loading attribute certificates from '/etc/ipsec.d/acerts'
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: spawning 4 worker threads
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: listening for IKE messages
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: adding interface eth0/eth0 192.168.13.3:500
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: adding interface lo/lo 127.0.0.1:500
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: adding interface lo/lo ::1:500
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: loading secrets from "/etc/ipsec.secrets"
Dec 22 13:48:25 vpn-steve-gw pluto[5656]:   loaded PSK secret for 2.40.85.224 15.126.251.57 192.168.13.3 192.168.0.4
Dec 22 13:48:25 vpn-steve-gw pluto[5656]: added connection description "steve"
Dec 22 13:48:36 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [strongSwan]
Dec 22 13:48:36 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [XAUTH]
Dec 22 13:48:36 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [Dead Peer Detection]
Dec 22 13:48:36 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: initial Main Mode message received on 192.168.13.3:500 but no connection has been authorized with policy=PSK
Dec 22 13:48:46 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [strongSwan]
Dec 22 13:48:46 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [XAUTH]
Dec 22 13:48:46 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [Dead Peer Detection]
Dec 22 13:48:46 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: initial Main Mode message received on 192.168.13.3:500 but no connection has been authorized with policy=PSK
Dec 22 13:49:06 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [strongSwan]
Dec 22 13:49:06 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [XAUTH]
Dec 22 13:49:06 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: received Vendor ID payload [Dead Peer Detection]
Dec 22 13:49:06 vpn-steve-gw pluto[5656]: packet from 2.40.85.224:7076: initial Main Mode message received on 192.168.13.3:500 but no connection has been authorized with policy=PSK


IPSEC.CONF:

config setup
        # interfaces="ipsec0=eth0"
        plutodebug=none
        # plutodebug=all
        crlcheckinterval=180s
        strictcrlpolicy=no
        # cachecrls=yes
        nat_traversal=no
        charonstart=no
        # charonstart=yes
        plutostart=yes

conn %default
      type=tunnel
      ikelifetime=28800s
      keylife=86400s
      rekeymargin=3m
      keyingtries=%forever
      dpdaction=clear
      dpddelay=30s
      keyexchange=ikev1
      ike=3des-md5-modp1024
      esp=3des-md5-modp1024
      pfs=yes
      compress=no
      # authby=secret
      auth=esp

conn steve
      authby=psk
      leftauth=psk
      rightauth=psk
      type=tunnel
      ikelifetime=28800s
      keylife=86400s
      rekeymargin=3m
      keyingtries=%forever
      keyexchange=ikev1
      ike=3des-md5-modp1024
      esp=3des-md5-modp1024
      pfs=yes
      compress=no
      auth=esp
      leftid=192.168.13.3
      left=192.168.13.3
      leftsubnet=192.168.13.0/24
      leftsourceip=192.168.13.3
      leftfirewall=no
      rightid=2.40.85.224
      right=2.40.85.224
      rightsubnet=192.168.0.0/24
      rightfirewall=no
      rightsourceip=192.168.0.4
      dpdaction=hold
      dpddelay=60
      dpdtimeout=500
      auto=add




[cid:image001.png at 01CD29FE.2E354F10]


Stefano Bonato
ALM Managing Consultant
HP Software Professional Services<http://www8.hp.com/us/en/software-solutions/software.html?compURI=1173876>
Hewlett-Packard Company
email: stefano.bonato at hp.com<mailto:stefano.bonato at hp.com>    phone: + 39 348 8513451
http://www.hp.com/


Follow HP Italia on:
[http://blog.privacychoice.org/wp-content/uploads/2013/03/LinkedIn-Logo-022.png]<http://www.linkedin.com/company/hewlett-packard>[http://3.bp.blogspot.com/-avfQU90rrXE/UQC8FI_oi8I/AAAAAAAAEvQ/sMsHyJe6dQA/s1600/fb.png]<https://www.facebook.com/HPItalia>[http://www.psicologialavoro.it/wp-content/uploads/marketing-psicologo-su-slideshare.png]<http://www.slideshare.net/HPEnterpriseIT>[http://icons.iconarchive.com/icons/fasticon/web-2/256/Twitter-icon.png]<https://twitter.com/HPEnterpriseIT>[cid:image011.png at 01CEDB1E.56C53670]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4698 bytes
Desc: image001.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 3750 bytes
Desc: image002.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2450 bytes
Desc: image003.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 3367 bytes
Desc: image004.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 2231 bytes
Desc: image005.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 4143 bytes
Desc: image006.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 3729 bytes
Desc: image007.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 4353 bytes
Desc: image008.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.png
Type: image/png
Size: 3039 bytes
Desc: image009.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.png
Type: image/png
Size: 15644 bytes
Desc: image010.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131222/ae2eab7f/attachment-0009.png>

More information about the Users mailing list