[Openswan Users] no preshared key found if using %any and PSK
Michael Speck
kulkanie at gmx.net
Mon Jan 14 09:04:29 EST 2008
Hi,
I am using Openswan 2.4.8 and have stumbled across this seemingly old problem that %any is not working as it should when used in the secrets file for a PSK. I have searched several mailing lists and it seems that this problem has been introduced by Openswan 2.3.0 and is known. I just wanted to point out that it is still alive and not yet fixed. I did not find any solution to it on the internet. The suggestion to add a newline did not work. Bug-Report 370 suggests nat-traversal, but it is on and still it does not work.
The connection is directly between two devices m164 (192.168.6.164) and t165 (192.168.6.165). When trying to bring it up I get the error message (on t165):
pluto[21415]: "IPsecConn-1"[2] 192.168.6.164 #2: Can't authenticate: no preshared key found for `192.168.6.165' and `%any'. Attribute OAKLEY_AUTHENTICATION_METHOD
Configuration on m164:
***ipsec.secrets***
192.168.6.164 192.168.6.165 : PSK "qweqwe"
***ipsec.conf***
version 2

config setup
    interfaces="ipsec0=br0"
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    left=192.168.6.164
    authby=secret
    pfs=yes

conn IPsecConn-1
    right=192.168.6.165
    rightsubnet=192.168.10.0/24
    auto=start

include /etc/config/no_oe.conf.in
Configuration on t165:
*** ipsec.secrets ***
192.168.6.165 %any: PSK "qweqwe"
***ipsec.conf***
version 2

config setup
    interfaces="ipsec1=ixp1"
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24

conn %default
    left=192.168.6.165
    leftsubnet=192.168.10.0/24
    authby=secret
    pfs=yes

conn IPsecConn-1
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
Using
: PSK "qweqwe"
as secrets on t165 works fine though.
Thanks and best regards,
Michael Speck