Hello, I'm getting a problem when using pre-shared keys to authenticate
peers using IKEv2. Both peers have Debian installed.

Here is the log:
Nov 10 17:00:21 debian charon: 06[CFG] added configuration 'net-net': 192.168.1.228[192.168.1.228]...192.168.1.192[192.168.1.192]
Nov 10 17:00:21 debian charon: 08[CFG] received stroke: initiate 'net-net'
Nov 10 17:00:21 debian charon: 08[AUD] initiating IKE_SA 'net-net' to 192.168.1.192
Nov 10 17:00:21 debian charon: 08[IKE] IKE_SA 'net-net' state change: CREATED => CONNECTING
Nov 10 17:00:21 debian charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 10 17:00:21 debian charon: 08[NET] sending packet: from 192.168.1.228[500] to 192.168.1.192[500]
Nov 10 17:00:21 debian charon: 10[NET] received packet: from 192.168.1.192[500] to 192.168.1.228[500]
Nov 10 17:00:21 debian charon: 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 10 17:00:21 debian charon: 10[IKE] authentication of '192.168.1.228' (myself) with pre-shared key
Nov 10 17:00:21 debian charon: 10[IKE] no shared key found for '192.168.1.228' - '192.168.1.192'
Nov 10 17:00:21 debian charon: 10[AUD] generating authentication data failed
Nov 10 17:00:21 debian charon: 10[AUD] establishing CHILD_SA failed


It looks like there is no PSK, but here is /etc/ipsec.secrets:
192.168.1.228 192.168.1.192: PSK "cisco"
192.168.1.228 0.0.0.0: PSK "cisco"
192.168.1.192 192.168.1.228: PSK "cisco"

So I suppose it should authenticate itself. But it doesn't.

Can anyone please help?

Thanks!

Sincerely yours,
Andrew Terekhov.
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users