[Openswan Users] Connection Problem

Paul Wouters paul at xelerance.com
Wed Apr 20 12:56:46 EDT 2011

On Wed, 20 Apr 2011, Peter Siegel wrote:

> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: unrecognized key format: PKS
> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: unrecognized key format: PKS

See man ipsec.secrets. The keyword is PSK, not PKS.

> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" line 4: premature end of RSA key

It appears you have a broken RSA key configured. Likely you manually killed what you thought
were "hanging" processes on first start when openswan attempts to build a new rsa key. Or you
rebooted while these were running. Remove the partial RSA key.

> Apr 20 08:16:10 firewall pluto[6163]: "Digital" #1: max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or no acceptable
> response) to our first IKE message

This could be a firewall issue, or a misconfiguration issue.

> Apr 20 07:38:09 firewall pluto[11528]: packet from initial Main Mode message received on but no connection
> has been authorized

this seems to indicate a misconfiguration. Your pasted config matches on both end (except a weird "="
symbol which I hopes was an email error)

On the server side, try: ipsec auto --add Digital and see if it shows any error.


More information about the Users mailing list