Hello Andrew!

When strongSwan starts up or if you execute

ipsec rereadsecrets

does an entry of the type:

Nov 11 16:21:27 carol charon:
01[CFG] loading secrets from '/etc/ipsec.secrets'
01[CFG]   loaded IKE secret for 192.168.0.100

appear in the daemon.log file?

Regards

Andreas

Андрей Терехов wrote:
> Andreas,
> 
> At first I've had ipsec.secrets like that:
> 192.168.1.228 192.168.1.192 : PSK "cisco"
> 192.168.1.228 0.0.0.0 : PSK "cisco"
> 192.168.1.192 192.168.1.228 : PSK "cisco"
> 
> And I've got the same log.
> 
> Sincerely yours,
> Andrew Terekhov.
> 
> Andreas Steffen wrote:
>> Hello Andrew,
>>
>> there must be at least one whitespace character between the identity
>> enumerations and the colon ':' separator:
>>
>> 192.168.1.228 192.168.1.192 : PSK "cisco"
>>                            ^
>> Unfortunately our FreeS/WAN ancestors did not have IPv6 addresses in
>> mind when they chose a colon as a separating symbol :-)
>>
>> Best regards
>>
>> Andreas
>>
>> Andrew Terekhov wrote:
>>> Hello, I'm getting a problem when using pre-shared keys to authenticate
>>> peers using IKEv2. Both peers have Debian installed.
>>>
>>> Here is the log:
>>> Nov 10 17:00:21 debian charon: 06[CFG] added configuration 'net-net':
>>> 192.168.1.228[192.168.1.228]...192.168.1.192[192.168.1.192]
>>> Nov 10 17:00:21 debian charon: 08[CFG] received stroke: initiate 'net-net'
>>> Nov 10 17:00:21 debian charon: 08[AUD] initiating IKE_SA 'net-net' to
>>> 192.168.1.192
>>> Nov 10 17:00:21 debian charon: 08[IKE] IKE_SA 'net-net' state change:
>>> CREATED => CONNECTING
>>> Nov 10 17:00:21 debian charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA
>>> KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>> Nov 10 17:00:21 debian charon: 08[NET] sending packet: from
>>> 192.168.1.228[500] to 192.168.1.192[500]
>>> Nov 10 17:00:21 debian charon: 10[NET] received packet: from
>>> 192.168.1.192[500] to 192.168.1.228[500]
>>> Nov 10 17:00:21 debian charon: 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE
>>> No N(NATD_S_IP) N(NATD_D_IP) ]
>>> Nov 10 17:00:21 debian charon: 10[IKE] authentication of '192.168.1.228'
>>> (myself) with pre-shared key
>>> Nov 10 17:00:21 debian charon: 10[IKE] no shared key found for
>>> '192.168.1.228' - '192.168.1.192'
>>> Nov 10 17:00:21 debian charon: 10[AUD] generating authentication data failed
>>> Nov 10 17:00:21 debian charon: 10[AUD] establishing CHILD_SA failed
>>>
>>>
>>> It looks like there is no psk, but here is /etc/ipsec.secrets
>>> 192.168.1.228 192.168.1.192: PSK "cisco"
>>> 192.168.1.228 0.0.0.0: PSK "cisco"
>>> 192.168.1.192 192.168.1.228: PSK "cisco"
>>>
>>> So I suppose it should authenticate itself. But it doesn't.
>>>
>>> Can anyone please help?
>>>
>>> Thanks!
>>>
>>> Sincerely yours,
>>> Andrew Terekhov.
>>> _______________________________________________
>>> Users mailing list
>>> Users@lists.strongswan.org
>>> https://lists.strongswan.org/mailman/listinfo/users
>>


-- 
======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
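
The whitespace rule described in this thread, as an added example that is not part of the original messages or strongSwan's own code: a small Python linter that flags ipsec.secrets entries whose last identity runs into the ':' separator, reporting line numbers and selectors but never the secret. The function name `lint_secrets`, the keyword set and the sample file contents are assumptions made for this illustration; it checks only this one rule.

```python
# Secret type keywords that follow the ':' separator in ipsec.secrets
# (assumed subset, enough for this illustration).
SECRET_TYPES = {"PSK", "RSA", "ECDSA", "EAP", "XAUTH", "PIN"}


def lint_secrets(text):
    """Return (line_number, message) pairs for separator problems."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # The first bare type keyword marks where the secret part begins.
        idx = next((i for i, t in enumerate(tokens) if t in SECRET_TYPES), None)
        if idx is None:
            continue  # continuation line or something this check ignores
        sep = tokens[idx - 1] if idx > 0 else ""
        if sep == ":":
            continue  # selectors, whitespace, ':' on its own: well-formed
        if sep.endswith(":"):
            # The colon is glued to the last identity, e.g. '192.168.1.192:'
            findings.append((lineno, f"no whitespace before ':' in '{sep}'"))
        else:
            findings.append((lineno, "no ':' separator before secret type"))
    return findings


# Constructed sample: two entries as first posted in the thread, the
# corrected form, and IPv6 selectors (fec0:: addresses are made up).
SAMPLE = """\
# /etc/ipsec.secrets (constructed sample)
192.168.1.228 192.168.1.192: PSK "cisco"
192.168.1.228 0.0.0.0: PSK "cisco"
192.168.1.228 192.168.1.192 : PSK "cisco"
fec0::1 fec0::2 : PSK "cisco"
fec0::1 fec0::2: PSK "cisco"
"""

if __name__ == "__main__":
    for lineno, message in lint_secrets(SAMPLE):
        print(f"line {lineno}: {message}")
```
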
