Hi Andreas,

I have changed the ipsec.secrets file and saw that the secret values were read properly by both client and server. I still get the authentication failure, but I am not sure why EAP_ONLY is being sent. Is that the cause of the failure?

/*****Client *******/
13[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]

/**********server ******/
05[NET] received packet: from 10.43.135.221[4500] to 10.73.127.45[4500]
05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
05[CFG] looking for peer configs matching 10.73.127.45[10.73.127.45]...10.43.135.221[10.43.135.221]
05[CFG] selected peer config 'rw'
05[IKE] no shared key found for '10.73.127.45' - '10.43.135.221'
05[IKE] peer supports MOBIKE
05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
05[NET] sending packet: from 10.73.127.45[4500] to 10.43.135.221[4500]
/************************************/

I appreciate your response.

Thanks
Naveen

On Fri, Sep 13, 2013 at 11:36 PM, Andreas Steffen <andreas.stef...@strongswan.org> wrote:

> Hi Naveen,
>
> due to a syntax error in your ipsec.secrets, the responder doesn't
> find a matching PSK and aborts:
>
> > /******** Server side log **********/
> ...
> > loading secrets from "/etc/ipsec.secrets"
> > loaded PSK secret for 10.73.127.45 10.43.135.221
> > "/etc/ipsec.secrets" line 12: PSK data malformed (input does not begin
> > with format prefix): 1234567890
>
> The PSK must be of the form:
>
> 10.73.127.45 10.43.135.221 : PSK "1234567890"
>
> if it is to be treated as a text string or
>
> 10.73.127.45 10.43.135.221 : PSK 0x1234567890abcdef
>
> if it is to be a HEX value or
>
> 10.73.127.45 10.43.135.221 : PSK 0s123456789abcxyzABCXYZ+/
>
> if it is to be interpreted as a Base64-encoded value.
>
> Regards
>
> Andreas
>
> On 09/14/2013 05:47 AM, Naveen Neelakanta wrote:
> > Hi All,
> >
> > I have installed both strongswan server and client.
> > I am trying the virtual ip scenario with PSK auth method, but I am
> > not able to get it working with the attached configuration files used.
> > Please find the attached server and client configuration file.
> > I have installed the strongswan 5.1.0 version with the below
> > configuration to reduce the size.
> >
> > "--disable-rc2 --disable-md5 --disable-sha1 --disable-sha2 --disable-fips-prf \
> > --disable-aes--disable-des --enable-openssl --disable-pkcs1 --disable-pkcs7 --disable-pkcs8 \
> > --disable-pkcs12--disable-pgp --disable-dnskey --disable-sshkey --disable-hmac --disable-cmac \
> > --disable-xcbc --disable-gmp --disable-scripts --disable-ikev1 --disable-tools --enable-monolithic"
> >
> > These logs below were collected from the command #ipsec start --nofork
> >
> > /******** Client side log **********/
> > ipsec up host
> > initiating IKE_SA host[1] to 10.73.127.45
> > generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> > sending packet: from 10.43.135.221[500] to 10.73.127.45[500] (752 bytes)
> > received packet: from 10.73.127.45[500] to 10.43.135.221[500] (440 bytes)
> > parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> > authentication of '10.43.135.221' (myself) with pre-shared key
> > establishing CHILD_SA host
> > generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
> > sending packet: from 10.43.135.221[4500] to 10.73.127.45[4500] (412 bytes)
> > received packet: from 10.73.127.45[4500] to 10.43.135.221[4500] (76 bytes)
> > parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> > received AUTHENTICATION_FAILED notify error
> > establishing connection 'host' failed
> > /***************************************************/
> >
> >
> > /******** Server side log **********/
> > 11[CFG] adding virtual IP address pool 'rw': 10.3.0.0/28
> > loading ca certificates from '/etc/ipsec.d/cacerts'
> > loading aa certificates from '/etc/ipsec.d/aacerts'
> > loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
> > Changing to directory '/etc/ipsec.d/crls'
> > loading attribute certificates from '/etc/ipsec.d/acerts'
> > spawning 4 worker threads
> > listening for IKE messages
> > adding interface wlan0/wlan0 10.73.127.45:500
> > adding interface lo/lo 127.0.0.1:500
> > adding interface lo/lo ::1:500
> > loading secrets from "/etc/ipsec.secrets"
> > loaded PSK secret for 10.73.127.45 10.43.135.221
> > "/etc/ipsec.secrets" line 12: PSK data malformed (input does not begin
> > with format prefix): 1234567890
> > added connection description "rw"
> > 06[NET] received packet: from 10.43.135.221[500] to 10.73.127.45[500]
> > 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> > 06[IKE] 10.43.135.221 is initiating an IKE_SA
> > 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> > 06[NET] sending packet: from 10.73.127.45[500] to 10.43.135.221[500]
> > 05[NET] received packet: from 10.43.135.221[4500] to 10.73.127.45[4500]
> > 05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
> > 05[CFG] looking for peer configs matching 10.73.127.45[10.73.127.45]...10.43.135.221[10.43.135.221]
> > 05[CFG] no matching peer config found
> > 05[IKE] peer supports MOBIKE
> > 05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> > 05[NET] sending packet: from 10.73.127.45[4500] to 10.43.135.221[4500]
> > /**********************************************************************************/
> >
> > Thanks
> > Naveen
>
> ======================================================================
> Andreas Steffen andreas.stef...@strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
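
The three PSK forms listed in the reply above (quoted text, 0x hex, 0s Base64) can be checked before the daemon is restarted. The following is an added example, not part of the original thread and not strongSwan's own parser: the names lint_secrets and decode_psk are hypothetical, the sample file is constructed, and tolerating unpadded Base64 is an assumption.

```python
import base64
import re

# Constructed sample: line 2 repeats the thread's mistake (bare digits with
# no quotes or prefix); the others use the text, hex and Base64 forms.
SAMPLE = '''\
10.73.127.45 10.43.135.221 : PSK "1234567890"
10.73.127.45 10.43.135.222 : PSK 1234567890
10.73.127.45 10.43.135.223 : PSK 0x1234567890abcdef
10.73.127.45 10.43.135.224 : PSK 0sMTIzNDU2Nzg5MA==
'''

# "<ID selectors> : PSK <secret>"; the selector list may be empty.
ENTRY = re.compile(r'^(?P<ids>.*?)\s*:\s+PSK\s+(?P<secret>\S.*)$')


def decode_psk(secret):
    """Return the key bytes for one PSK value, or raise ValueError."""
    if len(secret) >= 2 and secret[0] == secret[-1] == '"':
        return secret[1:-1].encode()              # text string
    if secret.startswith('0x'):
        return bytes.fromhex(secret[2:])          # ValueError on bad hex
    if secret.startswith('0s'):
        body = secret[2:]
        body += '=' * (-len(body) % 4)            # assumption: padding optional
        return base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    raise ValueError('input does not begin with format prefix')


def lint_secrets(text):
    """Return (line_no, id_selectors, status) for every PSK entry in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if line.lstrip().startswith('#') or not m:
            continue                              # comment or non-PSK line
        try:
            status = f"ok ({len(decode_psk(m['secret']))} bytes)"
        except ValueError as exc:
            status = f'malformed: {exc}'
        findings.append((no, m['ids'].split(), status))
    return findings


if __name__ == '__main__':
    for no, ids, status in lint_secrets(SAMPLE):
        print(f'line {no}: {" ".join(ids) or "(any)"}: {status}')
```

A malformed entry is simply not loaded, so the responder later reports "no shared key found" for that ID pair; the selector list in each finding shows which pair is affected.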