On Wed, 3 Sep 2014, Bob Miller wrote:
> I hope this is just me being stupid; I built and deployed a new firewall
> for a client over the weekend (using 3.9), and testing it today I am
> getting error message:
>
> but no connection has been authorized with policy=PSK
>
> Sep 3 10:27:19 firewall pluto[10302]: packet from 199.247.177.61:500:
> initial Main Mode message received on 207.189.234.30:500 but no
> connection has been authorized with policy=PSK
>
> I am pretty sure, based on prior experience and doing a bit of checking
> on the web this morning, that the authby=secret line is supposed to
> authorize the connection with policy=PSK. Am I in error?

The error message is somewhat misleading. There is something else that
is not matching, but it is only telling you one of the major match
requirements (authby=)

> conn rw-l2tp-psk
>         type=transport
>         authby=secret
>         left=199.247.234.30
>         leftnexthop=207.189.235.254
>         leftprotoport=17/%any

That should be leftprotoport=17/1701

>         right=%any
>         rightprotoport=17/%any
>         rightsubnet=vhost:%no,%priv
>         auto=add
>         pfs=no
>         dpddelay=30
>         dpdtimeout=120
>         dpdaction=clear
>
> root@firewall:~# cat /etc/ipsec.secrets
> 207.189.234.30 %any : PSK "mysecret"

Shouldn't this have 199.247.234.30 listed?
If this is the only connection on the server
you can also do:

: PSK "mysecret"

Paul
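
Added example, not part of the original message and not libreswan code: a small Python lint that raises the two points from the reply above (the L2TP leftprotoport value, and whether any PSK entry in ipsec.secrets lists the left= address). The function names are hypothetical, the embedded files are constructed copies of the ones quoted in the thread, and the "covers left=" rule is a simplification assumed here, not pluto's actual secret lookup.

```python
import re

# Constructed copies of the two files quoted in the thread.
CONF = """conn rw-l2tp-psk
    type=transport
    authby=secret
    left=199.247.234.30
    leftprotoport=17/%any
    right=%any
    rightprotoport=17/%any
    auto=add
"""
SECRETS = '207.189.234.30 %any : PSK "mysecret"\n'

def parse_conn(text, name):
    """Return the key=value options of one conn section of an ipsec.conf."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line starts a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, val = line.strip().split("=", 1)
            opts[key.strip()] = val.strip()
    return opts

def psk_ids(text):
    """Return the ID list in front of each ': PSK' entry (IPv4 IDs only)."""
    return [m.group(1).split()
            for m in re.finditer(r'^([^:#\n]*):\s*PSK\s+"', text, re.M)]

def lint(conf, secrets, name):
    conn, findings = parse_conn(conf, name), []
    left = conn.get("left", "")
    if conn.get("leftprotoport") == "17/%any":
        findings.append("leftprotoport=17/%any; the reply asks for 17/1701")
    # Assumed rule: an entry covers left= if it has no IDs or lists left= itself.
    if conn.get("authby") == "secret" and not any(
            not ids or left in ids for ids in psk_ids(secrets)):
        findings.append(f"no PSK entry in ipsec.secrets lists left={left}")
    return findings

if __name__ == "__main__":
    for finding in lint(CONF, SECRETS, "rw-l2tp-psk"):
        print("WARN:", finding)
```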