[strongSwan] IPSec session not getting established

Noel Kuntze noel at familie-kuntze.de
Tue Aug 4 13:48:04 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Ashok

conn %default != conn default

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 04.08.2015 um 12:05 schrieb ashok kj:
> Thanks Tobias,
>
> I was under the impression authby=secret will be same as left|rightauth=psk.
> Thanks for your perfect shot.
>
> Regards
> Ashok
>
>
>
> On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>
>
> Hi Ashok,
>
> > I am trying to establish simple PSK IPSec session between 2 ubuntu systems.
> >
> > ...
> > Aug  3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for 'moon.strongswan.org'
> > ...
> >
> > May I know what am I missing?
>
> A lesson in reading the log and status output perhaps ;-)  The log
> message above indicates that the daemon does not find a _private_ key,
> not a _shared_ key.  That's because the connection is set to use public
> key authentication, not pre-shared key authentication, as can be seen in
> the output here:
>
> > root at user-Lenovo-Product <mailto:root at user-Lenovo-Product>:/home/user# ipsec statusall
> > ...
> >        home:  192.168.1.5...192.168.1.16  IKEv1/2
> >        home:  local:  [moon.strongswan.org] uses public key authentication
> >        home:  remote: [ashok at strongswan.org <mailto:ashok at strongswan.org>] uses public key authentication
>
> This is, of course, due to the `left|rightauth=psk` options you
> commented out in ipsec.conf (the default is `pubkey`):
>
>
> > conn home
> >        left=192.168.1.5
> >        leftid=@moon.strongswan.org
> > #        leftauth=psk
> > #      leftauth=pubkey
> >        leftsubnet=192.168.1.5/32
> >        leftfirewall=yes
> >        right=192.168.1.16
> >        rightid=ashok at strongswan.org <mailto:ashok at strongswan.org>
> >        rightsubnet=192.168.1.16/32
> > #        rightauth=psk
> >        ike=3des-md5-modp768!
> >        esp=aes128-sha1-modp1024!
> > #        auto=add
> >        auto=start
>
> Regards,
>
> Tobias
>
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVwKZyAAoJEDg5KY9j7GZYbGoQAIiUzSwVzI9D+dk9peZKe0t6
Iaf4RvQ5YOuqfJhYgohwjitkz4l6QLQvh76RXTSsphVVZwaxEfVoI03H0jIxeyjB
RFRC+pKlTk2xRV+9CfKqY6FvUS7bTi8JBZ3CkEAHbzF+9BBFNgdIWSQpuWWZaAnC
EiWRYzFa6n/WQ2snPBT23uyyXNp9shdLfnR9NES5dP6KFuOXZv6Jagk7/KeqhGvO
7dZ0fb0R/WmKUkIZLRZJQM1lws80WrFDJWqkoErUl3Cr21K6y71zhQFxMFS78Xqz
+FzUltrVYCCK81cz50vbpG66BirAZckPPlwMyZ3xqP8e55ZmjdC5U4siGtfst9gi
UrzFNra2S8eYjjkoNuUZB33X8+tb+/ioBPj9wSVxdxaxSOI3Lm9I1LMAP+pEuHJ1
Y70egO1kQzaiic8lxt0YHJNqi7ZpfPSWBLsH8c1C09i13ZRbqhDKrVgBhZxRe5Jr
BPTL2Dn5A6YQ2OBhQpjjEQYaVu64r2N6QtjRl/B+6gpCd/eRk6t/jSrKheuRnERj
rLGrbODuOC5U+XwJMSYQK/L2lBuDvQtvFyIWUcfhq6i31molLFletMAzevwM3IRY
gYaIcjCuh7BHFxJk7MtzqcRVW1wYLzgrerUHLJp9iGocgcanJSE2sSDv11IX2MKi
gLBItOXbZPJJmaxRnceg
=DT47
-----END PGP SIGNATURE-----

More information about the Users mailing list