[strongSwan] strongswan no shared key found

Chasing Vega chasingvega8 at gmail.com
Fri Aug 20 02:02:34 CEST 2021


Hi

I have a server which is public and accepts IPsec and am trying to connect
to it through strong

My configuration for strongswan is

connections {
    my-vpn {
        remote_addrs = server_publicip
        version = 1
        proposals = aes256-sha-modp1024
        reauth_time = 1440m
        local {
            auth = psk
            id = loc
        }
        remote {
            # id field here is inferred from the remote address
            auth = psk
            id = sec
        }
        children {
            my-vpn-1 {
                local_ts = local_public_ip
                remote_ts = server_public_ip
                mode = transport
                esp_proposals = aes256-sha-modp1024
                rekey_time = 60m
                start_action = trap
                dpd_action = restart
            }
        }
    }

}
secrets {
   ike-my-vpn-1 {
       id-1 = loc
       id-2 = sec
       secret = "This is a strong password"
   }
}

When I try to run strongswan I get

[IKE] initiating Main Mode IKE_SA my-vpn[49] to serveraddr
[ENC] generating ID_PROT request 0 [ SA V V V V V ]
[NET] sending packet: from locip[500] to serveraddr[500] (184 bytes)
[NET] received packet: from serveraddr[500] to locip[500] (108 bytes)
[ENC] parsed ID_PROT response 0 [ SA V ]
[IKE] received NAT-T (RFC 3947) vendor ID
[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[NET] sending packet: from locip[500] to serveraddr[500] (244 bytes)
[NET] received packet: from serveraddr[500] to locip[500] (304 bytes)
[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
[IKE] received Cisco Unity vendor ID
[IKE] received DPD vendor ID
[ENC] received unknown vendor ID: 5d:4b:ac:66:6b:54:71:15:4b:07:98:9c:05:7e:be:f2
[IKE] received XAuth vendor ID
[IKE] no shared key found for 'loc'[locip] - 'sec'[serveraddr]
[IKE] no shared key found for locip - serveraddr
[ENC] generating INFORMATIONAL_V1 request 1109914452 [ N(INVAL_KE) ]
[NET] sending packet: from locip[500] to serveraddr[500] (56 bytes)


Does anyone have a suggestion?