[Openswan Users] no preshared key found error

matt.bazan at comcast.net
Thu Oct 7 11:59:28 EDT 2010


hi all - I'm getting the following error on my site-to-site VPN tunnel:

Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: ignoring unknown Vendor ID payload [4f456d406b6753464548407f]
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [Dead Peer Detection]
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [RFC 3947] method set to=109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: responding to Main Mode
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: Can't authenticate: no preshared key found for `@sf.xx.com' and `@trenton.xx.com'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Oct  7 09:33:05 ubuntuFW pluto[23546]: last message repeated 11 times
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: no acceptable Oakley Transform
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: sending notification NO_PROPOSAL_CHOSEN to 173.xx.xx.xx:500
Oct  7 09:33:31 ubuntuFW pluto[23546]: "SF-To-Trenton" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Oct  7 09:33:31 ubuntuFW pluto[23546]: "SF-To-Trenton" #1: received and ignored informational message

Not sure what the deal is; this is a very basic setup: two Ubuntu 10.4 servers w/ public IPs. Here's ipsec.conf:


@ubuntuFW:/etc$ sudo vi ipsec.conf
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # OE is now off by default. Uncomment and change to on, to enable.
        oe=off
        # which IPsec stack to use. netkey,klips,mast,auto or none
        protostack=netkey


# Add connections here
conn SF-To-Trenton
        authby=secret
        left=69.xx.xx.xx
        leftsubnet=192.168.0.0/24
        leftid=@sf.xx.com
        leftnexthop=%defaultroute
        right=173.xx.xx.xx
        rightsubnet=192.168.10.0/24
        rightid=@trenton.xx.com
        auto=start

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#               # Left security gateway, subnet behind it, nexthop toward right.
#               left=10.0.0.1
#               leftsubnet=172.16.0.0/24
#               leftnexthop=10.22.33.44
#               # Right security gateway, subnet behind it, nexthop toward left.
#               right=10.12.12.1
#               rightsubnet=192.168.0.0/24
#               rightnexthop=10.101.102.103
#               # To authorize this connection, but not actually start it,
#               # at startup, uncomment this.
#               #auto=start

...and here's the ipsec.secrets file:

# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
69.xx.xx.xx 173.xx.xx.xx : "mysecret"


