[strongSwan] strongswan no shared key found

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Sep 1 19:43:53 CEST 2021


Hello Chasing,

Make sure the configuration and the secrets are actually loaded (swanctl -q).
Is server_publicip == serveraddr?

Kind regards
Noel

On 20.08.21 at 02:02, Chasing Vega wrote:
> Hi
> 
> I have a server which is public and accepts IPsec and am trying to connect to it through strong
> 
> My configuration for strongswan is
> 
> connections {
>      my-vpn {
>          remote_addrs = server_publicip
>          version = 1
>          proposals = aes256-sha-modp1024
>          reauth_time = 1440m
>          local {
>              auth = psk
>              id = loc
>          }
>          remote {
>              # id field here is inferred from the remote address
>              auth = psk
>              id = sec
>          }
>          children {
>              my-vpn-1 {
>                  local_ts = local_public_ip
>                  remote_ts = server_public_ip
>                  mode = transport
>                  esp_proposals = aes256-sha-modp1024
>                  rekey_time = 60m
>                  start_action = trap
>                  dpd_action = restart
>              }
>          }
>      }
> 
> }
> secrets {
>     ike-my-vpn-1 {
>         id-1 = loc
>         id-2 = sec
>         secret = "This is a strong password"
>     }
> }
> 
> When I try to run strongswan I get
> 
> [IKE] initiating Main Mode IKE_SA my-vpn[49] to serveraddr
> [ENC] generating ID_PROT request 0 [ SA V V V V V ]
> [NET] sending packet: from locip[500] to serveraddr[500] (184 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (108 bytes)
> [ENC] parsed ID_PROT response 0 [ SA V ]
> [IKE] received NAT-T (RFC 3947) vendor ID
> [CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> [ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> [NET] sending packet: from locip[500] to serveraddr[500] (244 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (304 bytes)
> [ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> [IKE] received Cisco Unity vendor ID
> [IKE] received DPD vendor ID
> [ENC] received unknown vendor ID: 5d:4b:ac:66:6b:54:71:15:4b:07:98:9c:05:7e:be:f2
> [IKE] received XAuth vendor ID
> [IKE] no shared key found for 'loc'[locip] - 'sec'[serveraddr]
> [IKE] no shared key found for locip - serveraddr
> [ENC] generating INFORMATIONAL_V1 request 1109914452 [ N(INVAL_KE) ]
> [NET] sending packet: from locip[500] to serveraddr[500] (56 bytes)
> 
> 
> Does anyone have a suggestion?
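
An offline companion to the check suggested in the reply, added here as an example (not code from the thread or from strongSwan): it compares the identity pair in the `no shared key found` log line with the ids listed under `secrets` in the file. The function names, the placeholder secret and the sample strings are constructed, and treating "lists both ids" as a match is a simplifying assumption.

```python
import re

# Constructed sample input, modelled on the secrets section and log lines in the thread.
SAMPLE_CONF = '''
secrets {
    ike-my-vpn-1 {
        id-1 = loc
        id-2 = sec
        secret = "constructed-placeholder"
    }
}
'''
SAMPLE_LOG = '''
[IKE] received XAuth vendor ID
[IKE] no shared key found for 'loc'[locip] - 'sec'[serveraddr]
[IKE] no shared key found for locip - serveraddr
'''

NO_KEY = re.compile(r"no shared key found for '([^']+)'\[[^\]]*\] - '([^']+)'\[[^\]]*\]")

def ike_secrets(conf):
    """Return {section name: set of ids} for each ike<suffix> block under secrets{}.
    Simplified parser: flat blocks only, no includes or references."""
    start = re.search(r'^\s*secrets\s*\{', conf, re.M)
    if not start:
        return {}
    found = {}
    for sec in re.finditer(r'\b(ike[\w-]*)\s*\{([^{}]*)\}', conf[start.end():]):
        ids = re.findall(r'^\s*id[\w-]*\s*=\s*"?([^"\s#]+)', sec.group(2), re.M)
        found[sec.group(1)] = set(ids)
    return found

def diagnose(conf, log):
    """For each identity pair charon could not find a PSK for, report whether the
    file holds a secret listing both ids (assumption: a conservative stand-in for
    charon's own owner matching)."""
    secrets = ike_secrets(conf)
    results = []
    for local_id, remote_id in NO_KEY.findall(log):
        names = sorted(n for n, ids in secrets.items() if {local_id, remote_id} <= ids)
        results.append((local_id, remote_id, bool(names), names))
    return results

if __name__ == "__main__":
    for local_id, remote_id, in_file, names in diagnose(SAMPLE_CONF, SAMPLE_LOG):
        if in_file:
            print(f"{local_id} - {remote_id}: secret {names} is in the file; "
                  "check that it is loaded (swanctl -q)")
        else:
            print(f"{local_id} - {remote_id}: no secret in the file lists both ids")
```

When the file already contains a secret for the pair the daemon complains about, the file and the daemon's loaded state disagree, which is the case the reload with `swanctl -q` addresses.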
