[strongSwan] IPSec session not getting established
ashok kj
ashok_asij at yahoo.com
Wed Aug 5 11:11:37 CEST 2015
Thanks Noel for the reply. So Do you mean that "authyby=secret" is same as "left | rightauth=psk"
RegardsAshok
On Tuesday, 4 August 2015 5:18 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Ashok
conn %default != conn default
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 04.08.2015 um 12:05 schrieb ashok kj:
> Thanks Tobias,
>
> I was under the impression authby=secret will be same as left|rightauth=psk.
> Thanks for your perfect shot.
>
> Regards
> Ashok
>
>
>
> On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>
>
> Hi Ashok,
>
> > I am trying to establish simple PSK IPSec session between 2 ubuntu systems.
> >
> > ...
> > Aug 3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for 'moon.strongswan.org'
> > ...
> >
> > May I know what am I missing?
>
> A lesson in reading the log and status output perhaps ;-) The log
> message above indicates that the daemon does not find a _private_ key,
> not a _shared_ key. That's because the connection is set to use public
> key authentication, not pre-shared key authentication, as can be seen in
> the output here:
>
> > root at user-Lenovo-Product <mailto:root at user-Lenovo-Product>:/home/user# ipsec statusall
> > ...
> > home: 192.168.1.5...192.168.1.16 IKEv1/2
> > home: local: [moon.strongswan.org] uses public key authentication
> > home: remote: [ashok at strongswan.org <mailto:ashok at strongswan.org>] uses public key authentication
>
> This is, of course, due to the `left|rightauth=psk` options you
> commented out in ipsec.conf (the default is `pubkey`):
>
>
> > conn home
> > left=192.168.1.5
> > leftid=@moon.strongswan.org
> > # leftauth=psk
> > # leftauth=pubkey
> > leftsubnet=192.168.1.5/32
> > leftfirewall=yes
> > right=192.168.1.16
> > rightid=ashok at strongswan.org <mailto:ashok at strongswan.org>
> > rightsubnet=192.168.1.16/32
> > # rightauth=psk
> > ike=3des-md5-modp768!
> > esp=aes128-sha1-modp1024!
> > # auto=add
> > auto=start
>
> Regards,
>
> Tobias
>
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVwKZyAAoJEDg5KY9j7GZYbGoQAIiUzSwVzI9D+dk9peZKe0t6
Iaf4RvQ5YOuqfJhYgohwjitkz4l6QLQvh76RXTSsphVVZwaxEfVoI03H0jIxeyjB
RFRC+pKlTk2xRV+9CfKqY6FvUS7bTi8JBZ3CkEAHbzF+9BBFNgdIWSQpuWWZaAnC
EiWRYzFa6n/WQ2snPBT23uyyXNp9shdLfnR9NES5dP6KFuOXZv6Jagk7/KeqhGvO
7dZ0fb0R/WmKUkIZLRZJQM1lws80WrFDJWqkoErUl3Cr21K6y71zhQFxMFS78Xqz
+FzUltrVYCCK81cz50vbpG66BirAZckPPlwMyZ3xqP8e55ZmjdC5U4siGtfst9gi
UrzFNra2S8eYjjkoNuUZB33X8+tb+/ioBPj9wSVxdxaxSOI3Lm9I1LMAP+pEuHJ1
Y70egO1kQzaiic8lxt0YHJNqi7ZpfPSWBLsH8c1C09i13ZRbqhDKrVgBhZxRe5Jr
BPTL2Dn5A6YQ2OBhQpjjEQYaVu64r2N6QtjRl/B+6gpCd/eRk6t/jSrKheuRnERj
rLGrbODuOC5U+XwJMSYQK/L2lBuDvQtvFyIWUcfhq6i31molLFletMAzevwM3IRY
gYaIcjCuh7BHFxJk7MtzqcRVW1wYLzgrerUHLJp9iGocgcanJSE2sSDv11IX2MKi
gLBItOXbZPJJmaxRnceg
=DT47
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150805/7e87aa56/attachment.html>
More information about the Users
mailing list