[strongSwan] Upgrade client to 5.6.3, get AUTH_FAILED
Tobias Brunner
tobias at strongswan.org
Mon Jul 16 11:06:13 CEST 2018
Hi,
How do you configure strongSwan on client and server, in particular the
secrets (ipsec.secrets/swanctl.conf/vici/SQL/...)?
> Then I upgraded Moon to StrongSWAN 5.6.3 and Moon cannot authenticate
> anymore to Sun. Sun complains about a MAC mismatch :
>
> Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[CFG] selected peer
> config 'net-net'
> Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[IKE] tried 12 shared
> keys for '1.2.3.4' - 'netnetYomama', but MAC mismatched
> Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[IKE] peer supports
> MOBIKE
> Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[ENC] generating
> IKE_AUTH response 1 [ N(AUTH_FAILED) ]
>
> Neither secrets nor config have changed on both peers, and are both
> readable and listed, but the newly upgraded Moon cannot authenticate
> properly and gets rejected.
Sounds weird. Adding your config and more of the log might help (use
the log settings at [1]).
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
More information about the Users
mailing list