[strongSwan] auth fails with "no peer config found...cisco-vpn-client to strongswan-v5.0.4-server (with cisco unity plugin enabled)

Martin Willi martin at strongswan.org
Wed Nov 19 10:41:58 CET 2014


Hi,

> Nothing seems to be working with PSK (if I use RSA certificates for first
> level auth... then everything works as expected)

> 13[NET] received packet: from 172.29.1.2[1293] to 1.1.1.30[500] (870 bytes)
> 13[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
> 13[IKE] received XAuth vendor ID
> 13[IKE] received DPD vendor ID
> 13[IKE] received FRAGMENTATION vendor ID
> 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> 13[IKE] received Cisco Unity vendor ID
> 13[IKE] 172.29.1.2 is initiating a Aggressive Mode IKE_SA
> 13[CFG] looking for XAuthInitPSK peer configs matching 1.1.1.30...172.29.1.2[clientgrp1]
> 13[IKE] no peer config found

Your client uses Aggressive Mode when using PSK authentication. You'll
have to configure that in your configuration as well, using

  aggressive=yes.

Please note that Aggressive Mode PSK authentication is discouraged
because of its security issues, and is disabled by default in strongSwan
as responder. You'll have to enable "weakSwan" mode by setting the
i_dont_care_about_security_and_use_aggressive_mode_psk option, refer to
[1] for details. You should do that only if you actually do not care
about security, or if you really understand the implications.

Regards
Martin

[1] https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
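
Added example, not part of the original message and not strongSwan project code: a Python audit that reads ipsec.conf and strongswan.conf text and lists connections combining aggressive=yes with PSK authentication, along with whether the responder override named in the reply is enabled. The sample files and conn names are constructed, and `also=` inheritance is not resolved.

```python
import re

OVERRIDE = "i_dont_care_about_security_and_use_aggressive_mode_psk"
PSK_VALUES = {"psk", "secret", "xauthpsk"}  # ipsec.conf values that mean pre-shared key

# Constructed sample configs (not from the original post); conn names are hypothetical.
IPSEC_CONF = """\
conn %default
    keyexchange=ikev1
conn cisco-psk
    aggressive=yes
    leftauth=psk
    rightauth=psk
    rightauth2=xauth
conn cisco-rsa
    leftauth=pubkey
    rightauth=pubkey
    rightauth2=xauth
"""
STRONGSWAN_CONF = f"charon {{\n    {OVERRIDE} = yes\n}}\n"

def parse_conns(text):
    """Return {conn: {key: value}} with 'conn %default' merged in (also= is ignored)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                   # section header, e.g. "conn name"
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value inside a conn
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def override_enabled(text):
    """True if the override is set to a true value on an uncommented line."""
    m = re.search(rf"^\s*{OVERRIDE}\s*=\s*(\S+)", text, re.M)
    return bool(m) and m.group(1).lower() in {"yes", "true", "1", "enabled"}

def audit(ipsec_text, strongswan_text):
    """List (conn, responder_accepts) for every Aggressive Mode PSK connection."""
    accepted = override_enabled(strongswan_text)
    return [(name, accepted) for name, o in parse_conns(ipsec_text).items()
            if o.get("aggressive") == "yes"
            and {o.get(k) for k in ("authby", "leftauth", "rightauth")} & PSK_VALUES]
```

A result of `(name, False)` matches the situation in the reply: the connection asks for Aggressive Mode PSK, but the responder will not accept it until the override is set.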


