[strongSwan] recurring problem of PSK, but cannot spot the error

Izz Abdullah izz.abdullah at wepanow.com
Wed Nov 20 20:32:47 CET 2013


Disregard.  I just realized you are using strongSwan 4.x, which I cannot speak to.



________________________________

From: Izz Abdullah <izz.abdullah at wepanow.com>
Sent: Wednesday, November 20, 2013 13:30
To: Noel Kuntze <noel at familie-kuntze.de>, ilyas Guennoun <elsa.watson-fzy8fw2 at yopmail.com>, users at lists.strongswan.org
Subject: Re: [strongSwan] recurring problem of PSK, but cannot spot the error

Here is an example of the first line of our ipsec.secrets file:

[root at vpc2-ipsec-1-121 ~]# cat /etc/ipsec.secrets
204.77.193.133 : PSK 99c10XXd0weo0023802pdnikfe0002o2l

All of the PSKs do NOT have "s.

<Remote Peer ID> : PSK <PSK_VALUE>


I noticed you were using ipsecure.secrets?  Was that a typo?  It is ipsec.secrets.  Please set leftid and rightid to be names of your local and remote peers respectively.  That is how the ipsec.secrets file makes a correlation to a connection setup in your conf file.


________________________________

From: Noel Kuntze <noel at familie-kuntze.de>
Sent: Wednesday, November 20, 2013 13:23
To: ilyas Guennoun <elsa.watson-fzy8fw2 at yopmail.com>, users at lists.strongswan.org, izz.abdullah at wepanow.com
Subject: Re: [strongSwan] recurring problem of PSK, but cannot spot the error



Hello Ilyas,

You need to put "s around the password.

Regards
Noel Kuntze

On 20.11.2013 20:21, ilyas Guennoun wrote:


So I set debug level to 4 for ike, kernel, config and network

I removed the ids to keep the minimum configuration (for better understanding) so I used IP addresses only.
conn cisco_home
        left=192.168.168.152
        leftsubnet=169.254.229.0/24
        leftauth=psk
        right=192.168.168.161
        rightsubnet=192.168.15.0/24
        rightauth=psk
        type=tunnel
        ike=aes128-sha1-modp1024
        esp=aes128-sha1
        auto=add

and ipsecure.secrets
192.168.168.152 192.168.168.161 : PSK password
include /var/lib/strongswan/ipsec.secrets.inc


BUT, I have the error when removing the quotes
$ ipsec secrets
002 loading secrets from "/etc/ipsec.secrets"
002   loaded PSK secret for 192.168.168.152 192.168.168.161
003 "/etc/ipsec.secrets" line 10: PSK data malformed (input does not begin with format prefix): password
002 loading secrets from "/var/lib/strongswan/ipsec.secrets.inc"

the version I am using
$ ipsec version
Linux strongSwan U4.5.2/K3.2.0-29-generic-pae

latest in ubuntu repo

*From:* Izz Abdullah <izz.abdullah at wepanow.com>
*Sent:* Wednesday, November 20, 2013 10:52
*To:* users at lists.strongswan.org
*Subject:* Re: [strongSwan] recurring problem of PSK, but cannot spot the error

I ran into this same problem when I first set up strongSwan.  The ipsec.secrets file is in the format like so:
RemoteID : PSK PSK_VALUE
192.168.168.161 : PSK password
No need for quotes, and since your ID of the remote peer is the same as the IP, then the above should work.


*Izz Abdullah*
/Senior Systems Engineer/
Izz.Abdullah at wepanow.com
205.605.6039 Office
800.675.7639 Toll Free
www.wepanow.com


_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
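
A lint pass for the PSK entries discussed in this thread, as an added example that is not part of any message above and is not strongSwan code. It assumes the ipsec.secrets convention that an unquoted secret is only unambiguous when it carries a 0x (hex) or 0s (base64) prefix, and it reports a class per entry without ever echoing the secret; the sample file and the names `classify` and `lint_secrets` are constructed for illustration.

```python
import base64
import re

# Constructed sample modelled on the thread's file; every secret is a placeholder.
SAMPLE = '''\
# constructed ipsec.secrets
192.168.168.152 192.168.168.161 : PSK "password"
192.168.168.161 : PSK password
192.168.168.161 : PSK 0x70617373776f7264
192.168.168.161 : PSK 0scGFzc3dvcmQ=
include /var/lib/strongswan/ipsec.secrets.inc
'''

# "<selectors> : PSK <secret>"; the selector list may be empty.
ENTRY = re.compile(r'^(.*?)(?:\s+|^):\s+PSK\s+(\S.*?)\s*$')

def classify(secret):
    """Return the encoding class of a PSK token without exposing its value."""
    if len(secret) >= 2 and secret[0] == secret[-1] == '"':
        return "quoted"
    try:
        if secret.startswith("0x"):
            bytes.fromhex(secret[2:])
            return "hex"
        if secret.startswith("0s"):
            base64.b64decode(secret[2:], validate=True)
            return "base64"
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    # No quotes and no format prefix: the case the 4.5.2 loader rejected above.
    return "bare"

def lint_secrets(text):
    """Return (line number, selectors, class) per PSK entry; secrets are never returned."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        match = ENTRY.match(line)
        if match:
            findings.append((number, match.group(1), classify(match.group(2))))
    return findings

if __name__ == "__main__":
    for number, selectors, kind in lint_secrets(SAMPLE):
        verdict = "ok" if kind in ("quoted", "hex", "base64") else "fix before deploying"
        print(f"line {number}: [{selectors}] {kind}: {verdict}")
```

Running it against a copy of the real file before `ipsec secrets` shows which entries depend on version-specific handling of unquoted secrets.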









