[strongSwan] IPSec session not getting established

ashok kj ashok_asij at yahoo.com
Tue Aug 4 12:05:39 CEST 2015

Thanks Tobias,
I was under the impression authby=secret will be same as left|rightauth=psk. 
Thanks for your perfect shot.

     On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner <tobias at strongswan.org> wrote:

 Hi Ashok,

> I am trying to establish simple PSK IPSec session between 2 ubuntu systems.
> ...
> Aug  3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for 'moon.strongswan.org'
> ...
> May I know what am I missing?

A lesson in reading the log and status output perhaps ;-)  The log
message above indicates that the daemon does not find a _private_ key,
not a _shared_ key.  That's because the connection is set to use public
key authentication, not pre-shared key authentication, as can be seen in
the output here:

> root at user-Lenovo-Product:/home/user# ipsec statusall
> ...
>        home:  IKEv1/2
>        home:  local:  [moon.strongswan.org] uses public key authentication
>        home:  remote: [ashok at strongswan.org] uses public key authentication

This is, of course, due to the `left|rightauth=psk` options you
commented out in ipsec.conf (the default is `pubkey`):

> conn home
>        left=
>        leftid=@moon.strongswan.org
> #        leftauth=psk
> #      leftauth=pubkey
>        leftsubnet=
>        leftfirewall=yes
>        right=
>        rightid=ashok at strongswan.org
>        rightsubnet=
> #        rightauth=psk
>        ike=3des-md5-modp768!
>        esp=aes128-sha1-modp1024!
> #        auto=add
>        auto=start


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150804/a3d5048a/attachment.html>

More information about the Users mailing list