[Openswan Users] no preshared key found error

Randy Wyatt rwyatt at nvtl.com
Thu Oct 7 12:19:06 EDT 2010


For the ipsec.secrets file, try

@sf.xx.com @trenton.xx.com : PSK "mypassword"

Regards,
Randy

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of matt.bazan at comcast.net
Sent: Thursday, October 07, 2010 8:59 AM
To: users at openswan.org
Subject: [Openswan Users] no preshared key found error

hi all - getting following error on my site-to-site VPN tunnel:

Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: ignoring unknown Vendor ID payload [4f456d406b6753464548407f]
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [Dead Peer Detection]
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [RFC 3947] method set to=109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Oct  7 09:33:05 ubuntuFW pluto[23546]: packet from 173.xx.xx.xx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: responding to Main Mode
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: Can't authenticate: no preshared key found for `@sf.xx.com' and `@trenton.xx.com'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Oct  7 09:33:05 ubuntuFW pluto[23546]: last message repeated 11 times
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: no acceptable Oakley Transform
Oct  7 09:33:05 ubuntuFW pluto[23546]: "SF-To-Trenton" #27: sending notification NO_PROPOSAL_CHOSEN to 173.xx.xx.xx:500
Oct  7 09:33:31 ubuntuFW pluto[23546]: "SF-To-Trenton" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Oct  7 09:33:31 ubuntuFW pluto[23546]: "SF-To-Trenton" #1: received and ignored informational message

not sure what the deal is this is a very basic setup.  two ubuntu 10.4
servers w/ public IPs.  here's ipsec.conf:


@ubuntuFW:/etc$ sudo vi ipsec.conf
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # OE is now off by default. Uncomment and change to on, to enable.
        oe=off
        # which IPsec stack to use. netkey,klips,mast,auto or none
        protostack=netkey


# Add connections here
conn SF-To-Trenton
        authby=secret
        left=69.xx.xx.xx
        leftsubnet=192.168.0.0/24
        leftid=@sf.xx.com
        leftnexthop=%defaultroute
        right=173.xx.xx.xx
        rightsubnet=192.168.10.0/24
        rightid=@trenton.xx.com
        auto=start

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#               # Left security gateway, subnet behind it, nexthop toward right.
#               left=10.0.0.1
#               leftsubnet=172.16.0.0/24
#               leftnexthop=10.22.33.44
#               # Right security gateway, subnet behind it, nexthop toward left.
#               right=10.12.12.1
#               rightsubnet=192.168.0.0/24
#               rightnexthop=10.101.102.103
#               # To authorize this connection, but not actually start it,
#               # at startup, uncomment this.
#               #auto=start

..and here's ipsec.secrets file:

# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
69.xx.xx.xx 173.xx.xx.xx : "mysecret"
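
Added example (not part of the original thread and not Openswan code): the log shows pluto looking for a PSK under the connection's leftid/rightid, while the posted ipsec.secrets indexes the secret by IP address. This Python check flags every authby=secret connection with no PSK entry under its effective IDs. The function names, the constructed sample strings and the simplified matching rule (empty index list, %any, or both IDs listed; IPv6 indexes not handled) are assumptions of the example.

```python
import re

# Constructed sample input mirroring the configuration quoted in the thread.
IPSEC_CONF = """conn SF-To-Trenton
        authby=secret
        left=69.xx.xx.xx
        leftid=@sf.xx.com
        right=173.xx.xx.xx
        rightid=@trenton.xx.com
"""
SECRETS_BY_IP = '69.xx.xx.xx 173.xx.xx.xx : "mysecret"\n'
SECRETS_BY_ID = '@sf.xx.com @trenton.xx.com : PSK "mypassword"\n'

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[:1].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        elif line:
            current = None  # a different section, e.g. "config setup"
    return conns

def psk_indexes(text):
    """Return the index (ID) list of each PSK entry in ipsec.secrets text."""
    out = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#") or ":" not in line:
            continue
        idx, key = (part.strip() for part in line.split(":", 1))
        # A bare quoted string is treated as a PSK here (assumption).
        if key.startswith(("PSK", '"')):
            out.append(idx.split())
    return out

def missing_psk(conf, secrets):
    """Return {conn: (left_id, right_id)} for authby=secret conns lacking a PSK."""
    entries, missing = psk_indexes(secrets), {}
    for name, c in parse_conns(conf).items():
        ids = (c.get("leftid", c.get("left")), c.get("rightid", c.get("right")))
        # Simplified match: empty index list, %any, or both IDs listed.
        matched = any(not e or "%any" in e or all(i in e for i in ids) for e in entries)
        if c.get("authby") == "secret" and not matched:
            missing[name] = ids
    return missing
```

Calling `missing_psk(IPSEC_CONF, SECRETS_BY_IP)` reports SF-To-Trenton with the same two IDs as the pluto error, and the ID-indexed line returns an empty result.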
