[Openswan Users] WG: Connection Problem

Peter Siegel PeterS at 4ahead.com
Wed Apr 20 15:36:58 EDT 2011

Thank you, 

I changed it to PSK now and i found the error  with the rsa key and after fixing the = typo it worked 


-----Ursprüngliche Nachricht-----
Von: Paul Wouters [mailto:paul at xelerance.com]
Gesendet: Mittwoch, 20. April 2011 18:57
An: Peter Siegel
Cc: users at openswan.org
Betreff: Re: [Openswan Users] Connection Problem

On Wed, 20 Apr 2011, Peter Siegel wrote:

> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" 
> line 1: unrecognized key format: PKS Apr 20 08:03:00 firewall
> ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: unrecognized key
> format: PKS

See man ipsec.secrets. The keyword is PSK, not PKS.

> Apr 20 08:03:00 firewall ipsec__plutorun: 003 "/etc/ipsec.secrets" 
> line 4: premature end of RSA key

It appears you have a broken RSA key configured. Likely you manually killed what you thought were "hanging" processes on first start when openswan attempts to build a new rsa key. Or you rebooted while these were running. Remove the partial RSA key.

> Apr 20 08:16:10 firewall pluto[6163]: "Digital" #1: max number of 
> retransmissions (20) reached STATE_MAIN_I1.  No response (or no 
> acceptable
> response) to our first IKE message

This could be a firewall issue, or a misconfiguration issue.

> Apr 20 07:38:09 firewall pluto[11528]: packet from 
> initial Main Mode message received on but no 
> connection has been authorized

this seems to indicate a misconfiguration. Your pasted config matches on both end (except a weird "="
symbol which I hopes was an email error)

On the server side, try: ipsec auto --add Digital and see if it shows any error.


More information about the Users mailing list