[strongSwan] recurring problem of PSK, but cannot spot the error

ilyas Guennoun elsa.watson-fzy8fw2 at yopmail.com
Wed Nov 20 16:48:25 CET 2013


Hi all,
I am new to strongSwan, so I may be missing something obvious, but I have spent several hours with no progress.

I have installed a strongSwan instance and I am trying to connect it to a Cisco router for SME.
I control both of them.
My strongSwan instance runs in a VirtualBox VM but has an interface on my "real" network 192.168.168.x and another interface to simulate a local network 169.254.229.x.

I am trying to create an IPsec tunnel with a preshared key, but I get the following error:
Nov 20 16:29:32 ubuntu pluto[4932]: packet from 192.168.168.161:500: initial Main Mode message received on 192.168.168.152:500 but no connection has been authorized with policy=PSK

The PSK (preshared key) is defined as follows:

---
$ more /etc/ipsec.secrets
192.168.168.152 192.168.168.161 : PSK "password"
include /var/lib/strongswan/ipsec.secrets.inc
---

All my search results indicate that either ipsec.secrets is not defined well or the preshared key is wrong.
The key is too simple to have an error, and the ipsec.secrets file below seems fine to me and does not indicate any error when typing $ ipsec secrets

The IPsec status is as follows:
---
$ sudo ipsec statusall
000 Status of IKEv1 pluto daemon (strongSwan 4.5.2):
000 interface eth0/eth0 2a01:e35:8a29:50d0:a00:27ff:feab:e49:500
000 interface eth0/eth0 2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8:500
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.168.168.152:500
000 interface eth1/eth1 169.254.229.110:500
000 %myid = '%any'
000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve
000 debug options: raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore
000
Status of IKEv2 charon daemon (strongSwan 4.5.2):
  uptime: 7 minutes, since Nov 20 16:16:34 2013
  malloc: sbrk 241664, mmap 0, used 136456, free 105208
  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock
Listening IP addresses:
  192.168.168.152
  2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8
  2a01:e35:8a29:50d0:a00:27ff:feab:e49
  169.254.229.110
Connections:
  cisco_home:  192.168.168.152...192.168.168.161
  cisco_home:   local:  [swan] uses pre-shared key authentication
  cisco_home:   remote: [cisco] uses pre-shared key authentication
  cisco_home:   child:  169.254.229.0/24 === 192.168.15.0/24
Security Associations:
  none

 		 	   		  