[strongSwan] strongswan no shared key found

Chasing Vega chasingvega8 at gmail.com
Fri Aug 20 17:53:52 CEST 2021


I reloaded the file and was ablt to get the secret . I get

[IKE] IKE_SA my-vpn[12] established between locip[locip]...ipsecip[ipsecip]
[IKE] scheduling reauthentication in 78158s
[IKE] maximum IKE_SA lifetime 86798s
[ENC] generating QUICK_MODE request 925866246 [ HASH SA No ID ID ]
[NET] sending packet: from locip[500] to ipsecip[500] (172 bytes)
[NET] received packet: from ipsecip[500] to locip[500] (108 bytes)
[ENC] parsed INFORMATIONAL_V1 request 3675363864 [ HASH N((24576)) ]
[IKE] received (24576) notify
[NET] received packet: from ipsecip[500] to locip[500] (92 bytes)
[ENC] parsed INFORMATIONAL_V1 request 2592328021 [ HASH N(NO_PROP) ]
[IKE] received NO_PROPOSAL_CHOSEN error notify

Does anyone know how I could proceed?

On Thu, 19 Aug 2021 at 17:02, Chasing Vega <chasingvega8 at gmail.com> wrote:

> Hi
>
> I have a server which is public and accepts IPsec and am trying to connect
> to it through strong
>
> My configuration for strongswan is
>
> connections {
>     my-vpn {
>         remote_addrs = server_publicip
>         version = 1
>         proposals = aes256-sha-modp1024
>         reauth_time = 1440m
>         local {
>             auth = psk
>             id = loc
>         }
>         remote {
>             # id field here is inferred from the remote address
>             auth = psk
>             id = sec
>         }
>         children {
>             my-vpn-1 {
>                 local_ts = local_public_ip
>                 remote_ts = server_public_ip
>                 mode = transport
>                 esp_proposals = aes256-sha-modp1024
>                 rekey_time = 60m
>                 start_action = trap
>                 dpd_action = restart
>             }
>         }
>     }
>
> }
> secrets {
>    ike-my-vpn-1 {
>        id-1 = loc
>        id-2 = sec
>        secret = "This is a strong password"
>    }
> }
>
> When I try to run strongswan I get
>
> [IKE] initiating Main Mode IKE_SA my-vpn[49] to serveraddr
> [ENC] generating ID_PROT request 0 [ SA V V V V V ]
> [NET] sending packet: from locip[500] to serveraddr[500] (184 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (108 bytes)
> [ENC] parsed ID_PROT response 0 [ SA V ]
> [IKE] received NAT-T (RFC 3947) vendor ID
> [CFG] selected proposal:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> [ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> [NET] sending packet: from locip[500] to serveraddr[500] (244 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (304 bytes)
> [ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> [IKE] received Cisco Unity vendor ID
> [IKE] received DPD vendor ID
> [ENC] received unknown vendor ID:
> 5d:4b:ac:66:6b:54:71:15:4b:07:98:9c:05:7e:be:f2
> [IKE] received XAuth vendor ID
> [IKE] no shared key found for 'loc'[locip] - 'sec'[serveraddr]
> [IKE] no shared key found for locip - serveraddr
> [ENC] generating INFORMATIONAL_V1 request 1109914452 [ N(INVAL_KE) ]
> [NET] sending packet: from locip[500] to serveraddr[500] (56 bytes)
>
>
> Does anyone have suggestion?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210820/d67cc785/attachment.html>


More information about the Users mailing list