[strongSwan] IPSec session not getting established

Noel Kuntze noel at familie-kuntze.de
Thu Aug 6 05:46:49 CEST 2015


Hello Ashok,

No, I mean that the default values for the different
settings are supposed to be defined in "conn %default",
not "conn default".
The first conn name sets the default values, but the second
name declares a conn called "default"; it doesn't set any default values.
"authby=secret" is the same as "leftauth=psk" and "rightauth=psk".
"authby" is deprecated. Use "leftauth" and "rightauth".

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 05.08.2015 um 11:11 schrieb ashok kj:
> Thanks Noel for the reply. So do you mean that "authby=secret" is the same as "left | rightauth=psk"?
>
> Regards
> Ashok
>
>
>
> On Tuesday, 4 August 2015 5:18 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
>
>
> Hello Ashok
>
> conn %default != conn default
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 04.08.2015 um 12:05 schrieb ashok kj:
> > Thanks Tobias,
>
> > I was under the impression authby=secret will be same as left|rightauth=psk.
> > Thanks for your perfect shot.
>
> > Regards
> > Ashok
>
>
>
> > On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>
>
> > Hi Ashok,
>
> > > I am trying to establish a simple PSK IPSec session between 2 Ubuntu systems.
> > >
> > > ...
> > > Aug  3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for 'moon.strongswan.org'
> > > ...
> > >
> > > May I know what I am missing?
>
> > A lesson in reading the log and status output perhaps ;-)  The log
> > message above indicates that the daemon does not find a _private_ key,
> > not a _shared_ key.  That's because the connection is set to use public
> > key authentication, not pre-shared key authentication, as can be seen in
> > the output here:
>
> > > root at user-Lenovo-Product:/home/user# ipsec statusall
> > > ...
> > >        home:  192.168.1.5...192.168.1.16  IKEv1/2
> > >        home:  local:  [moon.strongswan.org] uses public key authentication
> > >        home:  remote: [ashok at strongswan.org] uses public key authentication
>
> > This is, of course, due to the `left|rightauth=psk` options you
> > commented out in ipsec.conf (the default is `pubkey`):
>
>
> > > conn home
> > >        left=192.168.1.5
> > >        leftid=@moon.strongswan.org
> > > #        leftauth=psk
> > > #      leftauth=pubkey
> > >        leftsubnet=192.168.1.5/32
> > >        leftfirewall=yes
> > >        right=192.168.1.16
> > >        rightid=ashok at strongswan.org
> > >        rightsubnet=192.168.1.16/32
> > > #        rightauth=psk
> > >        ike=3des-md5-modp768!
> > >        esp=aes128-sha1-modp1024!
> > > #        auto=add
> > >        auto=start
>
> > Regards,
>
> > Tobias

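The two pitfalls discussed in this thread (defaults placed in "conn default" instead of "conn %default", and a conn silently using the pubkey default) can be checked mechanically. The Python sketch below is an added example, not part of the original messages or of strongSwan; its function names and sample file are constructed, and it assumes only what the thread states: `authby=secret` equals psk on both sides, the default is pubkey, and only `conn %default` is inherited (`also=` is not handled).

```python
# Constructed sample modelled on the configuration discussed in the thread.
SAMPLE = """\
conn default
        authby=secret

conn home
        left=192.168.1.5
        leftid=@moon.strongswan.org
#        leftauth=psk
        right=192.168.1.16
#        rightauth=psk
        auto=start
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section headers start in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective_auth(conns, name):
    """Resolve (leftauth, rightauth): explicit value, then authby, then pubkey."""
    merged = {**conns.get("%default", {}), **conns[name]}
    legacy = {"secret": "psk"}.get(merged.get("authby"), merged.get("authby"))
    return tuple(merged.get(k) or legacy or "pubkey" for k in ("leftauth", "rightauth"))

def lint(text):
    conns, findings = parse_conns(text), []
    if "default" in conns:
        findings.append('conn "default" is an ordinary conn; use "conn %default" for defaults')
    for name, opts in conns.items():
        if "authby" in opts:
            findings.append(f"{name}: authby is deprecated; use leftauth/rightauth")
        if name != "%default" and "pubkey" in effective_auth(conns, name):
            findings.append(f"{name}: pubkey authentication in effect on at least one side")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample, "conn home" resolves to pubkey on both sides; renaming the first section to "conn %default" makes it resolve to psk.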


