[Openswan Users] no preshared key found if using %any and PSK
Paul Overton
paul at trusted-management.com
Sat Jan 19 09:07:00 EST 2008
Hi,

The error is in your ipsec.secrets. When using %any you simply leave
this section blank in the ipsec.secrets, such that you have the
following:

X.x.x.x : PSK "etc"

Only put in your local IP address.

Regards
--
Paul Overton

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Michael Speck
Sent: 14 January 2008 14:04
To: users at openswan.org
Subject: [Openswan Users] no preshared key found if using %any and PSK
Hi,

I am using Openswan 2.4.8 and have stumbled across this seemingly old
problem that %any is not working as it should when used in the secrets
file for a PSK. I have searched several mailing lists and it seems that
this problem has been introduced by Openswan 2.3.0 and is known. I just
wanted to point out that it is still alive and not yet fixed. I did not
find any solution to it on the internet. The suggestion to add a newline
did not work. Bug-Report 370 suggests nat-traversal but it is on and
still it does not work.

The connection is directly between two devices m164 (192.168.6.164) and
t165 (192.168.6.165). When trying to bring it up I get the error message
(on t165):

pluto[21415]: "IPsecConn-1"[2] 192.168.6.164 #2: Can't authenticate: no
preshared key found for `192.168.6.165' and `%any'. Attribute
OAKLEY_AUTHENTICATION_METHOD

Configuration on m164:

***ipsec.secrets***
192.168.6.164 192.168.6.165 : PSK "qweqwe"

***ipsec.conf***
version 2

config setup
        interfaces="ipsec0=br0"
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        left=192.168.6.164
        authby=secret
        pfs=yes

conn IPsecConn-1
        right=192.168.6.165
        rightsubnet=192.168.10.0/24
        auto=start

include /etc/config/no_oe.conf.in

Configuration on t165:

*** ipsec.secrets ***
192.168.6.165 %any: PSK "qweqwe"

***ipsec.conf***
version 2

config setup
        interfaces="ipsec1=ixp1"
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24

conn %default
        left=192.168.6.165
        leftsubnet=192.168.10.0/24
        authby=secret
        pfs=yes

conn IPsecConn-1
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add

Using

: PSK "qweqwe"

as secrets on t165 works fine though.

Thanks and best regards,
Michael Speck
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
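
Added example, not part of the original messages and not Openswan's code: a Python model of the entry-selection rule as described in ipsec.secrets(5) (no index matches any host and peer; one index is checked against the local ID only; several indices must cover both IDs), run against the secrets lines quoted in the thread. The rule as modelled here is an assumption about documented behaviour, and 192.0.2.77 is a constructed peer address; the output shows which forms apply the same PSK to every peer address.

```python
import re

ANY = "%any"
# idx ... : PSK "secret"   (IPv4 addresses and %any only; a simplification)
ENTRY = re.compile(r'^(?P<idx>[^:#]*?)\s*:\s*PSK\s+"(?P<psk>[^"]*)"\s*$')

def parse_secrets(text):
    """Return [(indices, psk)] for every PSK line in an ipsec.secrets text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("idx").split(), m.group("psk")))
    return entries

def specificity(indices, local, peer):
    """Rank a match per the documented rule; None means the entry does not apply."""
    def hit(ident):
        return any(i in (ANY, ident) for i in indices)
    if not indices:
        return 0                                   # no index: any host, any peer
    if len(indices) == 1:
        return 1 if hit(local) else None           # one index: peer is not considered
    return 2 if hit(local) and hit(peer) else None # several: both IDs must match

def lookup_psk(text, local, peer):
    """Return the PSK of the most specific matching entry, or None."""
    ranked = [(specificity(idx, local, peer), psk) for idx, psk in parse_secrets(text)]
    ranked = [r for r in ranked if r[0] is not None]
    return max(ranked, key=lambda r: r[0])[1] if ranked else None

T165, M164 = "192.168.6.165", "192.168.6.164"      # hosts from the thread
OTHER = "192.0.2.77"                               # constructed, not from the thread
FORMS = {
    "reported":   '192.168.6.165 %any: PSK "qweqwe"',           # t165, fails in 2.4.8
    "local-only": '192.168.6.165 : PSK "qweqwe"',               # form suggested in the reply
    "no-index":   ': PSK "qweqwe"',                             # form reported as working
    "both-ips":   '192.168.6.164 192.168.6.165 : PSK "qweqwe"', # m164's entry
}

def peers_accepted(text, local=T165):
    """Peers (of the two sample addresses) for which `local` would find a PSK."""
    return [p for p in (M164, OTHER) if lookup_psk(text, local, p) is not None]

if __name__ == "__main__":
    for name, text in FORMS.items():
        print(f"{name:11s} -> {peers_accepted(text)}")
```

Only the entry listing both addresses restricts the key to a single peer; the other three forms select the same PSK for any peer address under this rule.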