Andreas,

At first I've had ipsec.secrets like that:

192.168.1.228 192.168.1.192 : PSK "cisco"
192.168.1.228 0.0.0.0 : PSK "cisco"
192.168.1.192 192.168.1.228 : PSK "cisco"

And I've got the same log.

Sincerely yours,
Andrew Terekhov.

Andreas Steffen wrote:
> Hello Andrew,
>
> there must be at least one whitespace character between the identity
> enumerations and the colon ':' separator:
>
> 192.168.1.228 192.168.1.192 : PSK "cisco"
>                            ^
> Unfortunately our FreeS/WAN ancestors did not have IPv6 addresses in
> mind when they chose a colon as a separating symbol :-)
>
> Best regards
>
> Andreas
>
> Andrew Terekhov wrote:
>> Hello, I'm getting a problem when using pre-shared keys to authenticate
>> peers using IKEv2. Both peers have Debian installed.
>>
>> Here is the log:
>> Nov 10 17:00:21 debian charon: 06[CFG] added configuration 'net-net':
>> 192.168.1.228[192.168.1.228]...192.168.1.192[192.168.1.192]
>> Nov 10 17:00:21 debian charon: 08[CFG] received stroke: initiate 'net-net'
>> Nov 10 17:00:21 debian charon: 08[AUD] initiating IKE_SA 'net-net' to
>> 192.168.1.192
>> Nov 10 17:00:21 debian charon: 08[IKE] IKE_SA 'net-net' state change:
>> CREATED => CONNECTING
>> Nov 10 17:00:21 debian charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA
>> KE No N(NATD_S_IP) N(NATD_D_IP) ]
>> Nov 10 17:00:21 debian charon: 08[NET] sending packet: from
>> 192.168.1.228[500] to 192.168.1.192[500]
>> Nov 10 17:00:21 debian charon: 10[NET] received packet: from
>> 192.168.1.192[500] to 192.168.1.228[500]
>> Nov 10 17:00:21 debian charon: 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE
>> No N(NATD_S_IP) N(NATD_D_IP) ]
>> Nov 10 17:00:21 debian charon: 10[IKE] authentication of '192.168.1.228'
>> (myself) with pre-shared key
>> Nov 10 17:00:21 debian charon: 10[IKE] no shared key found for
>> '192.168.1.228' - '192.168.1.192'
>> Nov 10 17:00:21 debian charon: 10[AUD] generating authentication data failed
>> Nov 10 17:00:21 debian charon: 10[AUD] establishing CHILD_SA failed
>>
>>
>> It looks like there is no psk, but here is /etc/ipsec.secrets
>> 192.168.1.228 192.168.1.192: PSK "cisco"
>> 192.168.1.228 0.0.0.0: PSK "cisco"
>> 192.168.1.192 192.168.1.228: PSK "cisco"
>>
>> So I suppose it should authenticate itself. But it doesn't.
>>
>> Can anyone please help?
>>
>> Thanks!
>>
>> Sincerely yours,
>> Andrew Terekhov.
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> https://lists.strongswan.org/mailman/listinfo/users
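
A check for the separator rule Andreas states in the thread above, as an added example that is not part of any message in it and is not strongSwan code: it flags ipsec.secrets entries whose ':' is attached to the last identity. The function name, the set of secret types it recognises, and the IPv6 sample are assumptions made for this sketch.

```python
# Added example: lint ipsec.secrets text for a ':' separator glued to an identity.
# SECRET_TYPES lists the entry types this sketch recognises (an assumption).
SECRET_TYPES = {"PSK", "RSA", "ECDSA", "EAP", "XAUTH", "PIN"}


def lint_secrets(text):
    """Return (line_no, problem) tuples; an empty list means no findings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tokens = line.split()
        type_idx = next((i for i, t in enumerate(tokens) if t in SECRET_TYPES), None)
        if type_idx is None:
            continue  # not an entry type this check understands
        selectors = tokens[:type_idx]
        if selectors and selectors[-1] == ":":
            continue  # separator stands alone, surrounded by whitespace
        if selectors and selectors[-1].endswith(":"):
            # Without whitespace the colon is read as part of the identity,
            # which is ambiguous for IPv6 addresses in particular.
            findings.append((no, "colon attached to " + selectors[-1][:-1]))
        else:
            findings.append((no, "no ':' separator before " + tokens[type_idx]))
    return findings


# The entries quoted in the original post.
FROM_THREAD = '''192.168.1.228 192.168.1.192: PSK "cisco"
192.168.1.228 0.0.0.0: PSK "cisco"
192.168.1.192 192.168.1.228: PSK "cisco"
'''
# The same entries with whitespace before the colon.
SPACED = FROM_THREAD.replace(": PSK", " : PSK")
# Constructed IPv6 sample: first entry glued, second entry separated.
IPV6 = 'fec0::1 fec0::2: PSK "example"\nfec0::1 fec0::2 : PSK "example"\n'

if __name__ == "__main__":
    for name, sample in (("thread", FROM_THREAD), ("spaced", SPACED), ("ipv6", IPV6)):
        print(name, lint_secrets(sample))
```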
