[strongSwan] recurring problem of PSK, but cannot spot the error

Noel Kuntze noel at familie-kuntze.de
Wed Nov 20 17:48:05 CET 2013


Hello Ilyas,

You can gather more information about what is happening by activating logging.
A link to that is here [1].

[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration

Regards
Noel Kuntze

On 20.11.2013 16:48, ilyas Guennoun wrote:
> Hi all
> I am new to strongSwan, so I may be missing something obvious, but I have spent several hours with no progress.
>
> I have installed a strongSwan instance and I am trying to connect it to a Cisco router for SME.
> I control both of them.
> My strongSwan instance runs in a VirtualBox VM but has an interface on my "real" network 192.168.168.x and another interface to simulate a local network 169.254.229.x.
>
> I am trying to create an IPsec tunnel with a pre-shared key, but I have the following error:
> Nov 20 16:29:32 ubuntu pluto[4932]: packet from 192.168.168.161:500: initial Main Mode message received on 192.168.168.152:500 but no connection has been authorized with policy=PSK
>
> The PSK (pre-shared key) is defined as follows:
>
> ---
> $ more /etc/ipsec.secrets
> 192.168.168.152 192.168.168.161 : PSK "password"
> include /var/lib/strongswan/ipsec.secrets.inc
> ---
>
> All my search results indicate that either ipsec.secrets is not defined well or the pre-shared key is wrong.
> The key is too simple to have an error, and the ipsec.secrets file below seems fine to me and does not indicate any error when typing $ipsec secrets
>
> The ipsec status is as follows:
> ---
> $ sudo ipsec statusall
> 000 Status of IKEv1 pluto daemon (strongSwan 4.5.2):
> 000 interface eth0/eth0 2a01:e35:8a29:50d0:a00:27ff:feab:e49:500
> 000 interface eth0/eth0 2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8:500
> 000 interface lo/lo ::1:500
> 000 interface lo/lo 127.0.0.1:500
> 000 interface eth0/eth0 192.168.168.152:500
> 000 interface eth1/eth1 169.254.229.110:500
> 000 %myid = '%any'
> 000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve
> 000 debug options: raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore
> 000
> Status of IKEv2 charon daemon (strongSwan 4.5.2):
>   uptime: 7 minutes, since Nov 20 16:16:34 2013
>   malloc: sbrk 241664, mmap 0, used 136456, free 105208
>   worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0
>   loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock
> Listening IP addresses:
>   192.168.168.152
>   2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8
>   2a01:e35:8a29:50d0:a00:27ff:feab:e49
>   169.254.229.110
> Connections:
>   cisco_home:  192.168.168.152...192.168.168.161
>   cisco_home:   local:  [swan] uses pre-shared key authentication
>   cisco_home:   remote: [cisco] uses pre-shared key authentication
>   cisco_home:   child:  169.254.229.0/24 === 192.168.15.0/24
> Security Associations:
>   none
