[strongSwan] IPSec session not getting established

ashok kj ashok_asij at yahoo.com
Tue Aug 4 12:05:39 CEST 2015


Thanks Tobias,
I was under the impression authby=secret will be the same as left|rightauth=psk.
Thanks for your perfect shot.

Regards,
Ashok


On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner <tobias at strongswan.org> wrote:

Hi Ashok,

> I am trying to establish simple PSK IPSec session between 2 ubuntu systems.
>
> ...
> Aug  3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for 'moon.strongswan.org'
> ...
> 
> May I know what am I missing?

A lesson in reading the log and status output perhaps ;-)  The log
message above indicates that the daemon does not find a _private_ key,
not a _shared_ key.  That's because the connection is set to use public
key authentication, not pre-shared key authentication, as can be seen in
the output here:

> root at user-Lenovo-Product:/home/user# ipsec statusall
> ...
>        home:  192.168.1.5...192.168.1.16  IKEv1/2
>        home:  local:  [moon.strongswan.org] uses public key authentication
>        home:  remote: [ashok at strongswan.org] uses public key authentication

This is, of course, due to the `left|rightauth=psk` options you
commented out in ipsec.conf (the default is `pubkey`):

> conn home
>        left=192.168.1.5
>        leftid=@moon.strongswan.org
> #        leftauth=psk
> #      leftauth=pubkey
>        leftsubnet=192.168.1.5/32
>        leftfirewall=yes
>        right=192.168.1.16
>        rightid=ashok at strongswan.org
>        rightsubnet=192.168.1.16/32
> #        rightauth=psk
>        ike=3des-md5-modp768!
>        esp=aes128-sha1-modp1024!
> #        auto=add
>        auto=start

Regards,
Tobias
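
An added example, not part of the original thread and not strongSwan's own code: a small Python check that resolves each conn's effective leftauth/rightauth as the reply describes (commented-out lines have no effect, an unset option falls back to pubkey) and reports the sides that do not resolve to PSK. The sample ipsec.conf is constructed from the conn quoted above; the function names are hypothetical, and authby, also= and conn %default inheritance are not interpreted.

```python
import re

DEFAULT_AUTH = "pubkey"  # default named in the reply when left|rightauth is unset

# Constructed sample: "home" mirrors the quoted conn, "fixed" sets the options.
SAMPLE_CONF = """\
conn home
       leftid=@moon.strongswan.org
#        leftauth=psk
       rightid=ashok@strongswan.org
#        rightauth=psk
       auto=start

conn fixed
       leftid=@moon.strongswan.org
       leftauth=psk
       rightid=ashok@strongswan.org
       rightauth=psk
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}, skipping '#' comment lines."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out option is never seen by the daemon
        m = re.match(r"(conn|config|ca)\s+(\S+)$", line)
        if m:  # section header: only conn sections are collected
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective_auth(conn):
    """Auth method per side, falling back to the default when unset."""
    return {side: conn.get(side + "auth", DEFAULT_AUTH) for side in ("left", "right")}

def audit(text, expected="psk"):
    """List (conn, side, method) where the effective method differs from `expected`."""
    return [(name, side, method)
            for name, conn in parse_conns(text).items()
            for side, method in effective_auth(conn).items()
            if method != expected]

if __name__ == "__main__":
    for name, side, method in audit(SAMPLE_CONF):
        print(f"conn {name}: {side}auth resolves to {method}, expected psk")
```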



  