[strongSwan] VPN with preshared Key between BB10 and Raspberry-Pi

Tue Jul 19 12:10:46 CEST 2016

Hi Christian,

> Below the result I got by activating the loglevel "cfg 2"

You set it via stroke, which is a bit late as some of the interesting
bits would have been the messages after "received stroke: add connection
'BB10'", which list the settings of the loaded config.  Either set the
log level via `charondebug` or strongswan.conf (see [1]).

But since you added `eap_identity` the immediate problem is now a
different one anyway:

> Jul 18 16:05:17 raspberrypi charon: 09[IKE] no private key found for
> 'ckl.freeboxos.fr'
> Jul 18 16:05:17 raspberrypi charon: 09[ENC] generating IKE_AUTH
> response 1 [ N(AUTH_FAILED) ]

Which makes sense as there is no certificate or private key loaded
during startup:

> Jul 18 16:04:49 raspberrypi charon: 00[CFG] loading secrets from
> '/etc/ipsec.secrets'
> Jul 18 16:04:49 raspberrypi charon: 00[CFG] expanding file expression
> '/var/lib/strongswan/ipsec.secrets.inc' failed
> Jul 18 16:04:49 raspberrypi charon: 00[CFG]   loaded IKE secret for %any
> Jul 18 16:04:49 raspberrypi charon: 00[CFG]   loaded EAP secret for alice
> ...
> Jul 18 16:04:49 raspberrypi charon: 09[CFG] received stroke: add
> connection 'BB10'
> Jul 18 16:04:49 raspberrypi charon: 09[CFG] adding virtual IP address
> pool 10.0.0.0/16
> Jul 18 16:04:49 raspberrypi charon: 09[CFG] added configuration 'BB10'

Refer to [2] for an example using a similar setup (with configs and logs
etc. to compare to, but please read [3]).  The how-to at [4] describes a
simple way to create keys and certificates, if you haven't done so yet.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
[2] https://www.strongswan.org/testing/testresults/ikev2/rw-eap-md5-rsa/
[3]
https://wiki.strongswan.org/projects/strongswan/wiki/ConfigurationExamplesNotes
[4] https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA