On Mon, 19 Dec 2016, Steve Scheck wrote:
> I’m having problems getting Libreswan working for a road warrior with
> pre-shared key configuration.
> Here’s the configuration and logs produced.
> Thanks for any suggestions on how to proceed with troubleshooting this.
>
> el-lado-claro.secrets
> 192.0.2.1 @EL-LADO-OSCURO: PSK "********************************"

You need to add 0.0.0.0 or %any as well if you have right=%any

> el-lado-claro.conf
> conn EL-LADO-OSCURO
> type=tunnel
> left=192.0.2.1
> leftid=192.0.2.1
> right=%any
> rightid=@EL-LADO-OSCURO
> authby=secret

There cannot be empty lines in your configuration.

> # IKE Phase 1
> #ike=3des-sha1;dh2
> ike=3des-sha1;modp1024

This is really old fashioned. I hope you can do better with the other
end? Like match the esp= and use aes-sha1 at the least?

> Dec 19 15:28:48 localhost pluto[5561]: "EL-LADO-OSCURO"[1] 198.51.100.1 #1: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
> Dec 19 15:28:48 localhost pluto[5561]: "EL-LADO-OSCURO"[1] 198.51.100.1 #1: STATE_AGGR_R1: sent AR1, expecting AI2
> Dec 19 15:28:48 localhost pluto[5561]: "EL-LADO-OSCURO"[1] 198.51.100.1 #1: packet rejected: should have been encrypted

It really did not like you at all. Looks like a mismatched
configuration. You might be able to tell more if you enable
debugging and see what's in the unencrypted response.

Paul
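
An added example, not part of the original message and not Libreswan's own code: a small Python check for the three configuration points raised in the reply above (a `%any` peer with no wildcard PSK entry, an empty line inside a `conn`, and the dated `ike=` proposal). The names `lint`, `WEAK_IKE` and `PSK_LINE`, and the position of the empty line in the sample, are assumptions.

```python
import re

# Assumption: the parts of the quoted ike= line treated as dated.
WEAK_IKE = ("3des", "modp1024", "dh2")
PSK_LINE = re.compile(r"^(.*?)\s*:\s*PSK\b")

# Constructed sample: the posted conn, with an empty line assumed before the IKE comment.
SAMPLE_CONF = """\
conn EL-LADO-OSCURO
    type=tunnel
    left=192.0.2.1
    leftid=192.0.2.1
    right=%any
    rightid=@EL-LADO-OSCURO
    authby=secret

    # IKE Phase 1
    #ike=3des-sha1;dh2
    ike=3des-sha1;modp1024
"""
SAMPLE_SECRETS = '192.0.2.1 @EL-LADO-OSCURO: PSK "********************************"\n'

def lint(conf, secrets):
    """Return one finding per issue raised in the reply (hypothetical helper)."""
    findings, opts, conn, gap = [], {}, None, False
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("conn "):
            conn, gap = line.split(None, 1)[1], False
            opts[conn] = {}
        elif not line:
            gap = conn is not None          # empty line seen inside a conn
        elif conn and not line.startswith("#") and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if gap:
                findings.append(f"{conn}: '{key}' follows an empty line inside the conn")
                gap = False
            opts[conn][key] = value
    # Ids listed before ': PSK' on each secrets line.
    psk_ids = [m.group(1).split() for m in map(PSK_LINE.match, secrets.splitlines()) if m]
    for name, o in opts.items():
        wildcard = "%any" in (o.get("left"), o.get("right"))
        if wildcard and not any({"%any", "0.0.0.0"} & set(ids) for ids in psk_ids):
            findings.append(f"{name}: %any peer but no PSK entry lists %any or 0.0.0.0")
        weak = [w for w in WEAK_IKE if w in o.get("ike", "").lower()]
        if weak:
            findings.append(f"{name}: dated ike proposal ({', '.join(weak)})")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF, SAMPLE_SECRETS)))
```
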