Hi, I have a Debian box with a static public IP and remote sites using Sonicwall devices, and I want to establish a tunnel between them. I use PSK for auth, and I have a case where the tunnel is established with Openswan but not with Strongswan (which I'd prefer to use).
This is my ipsec.conf:
----------
version 2.0

config setup
    plutodebug=all
    klipsdebug=all
    #charondebug=all
    nat_traversal=no
    #charonstart=yes
    #plutostart=yes

conn %default
    type=tunnel
    leftsubnet=192.168.230.0/24
    left=LeftIP
    leftid=LeftP
    leftnexthop=LeftGW
    #keyexchange=ikev2
    leftsourceip=192.168.230.50
    authby=secret

conn to-federalismo
    auth=esp
    ike=3des-sha1-modp1024!
    ikelifetime=28800s
    esp=null-sha1
    dpdaction=clear
    leftsourceip=192.168.230.1
    pfs=no
    keyingtries=1
    authby=secret
    #right=domain1.dyndns.org
    right=%any
    rightsubnet=192.168.110.0/24
    [email protected]
    auto=add

include /etc/ipsec.d/examples/no_oe.conf
----------

And ipsec.secrets:
------
#[email protected] IPLocal : PSK "temporal"
%any IPLocal : PSK "temporal"
------

Using exactly the same config files, the tunnel works with Openswan, but with Strongswan I get:

"Jan 4 16:34:08 debian pluto[22010]: "to-federalismo"[3] IPRemote #3: Can't authenticate: no preshared key found for `IPLocal' and `%any'. Attribute OAKLEY_AUTHENTICATION_METHOD"

even though the ipsec.secrets file is confirmed with "ipsec rereadsecrets" successfully.

If I change the right parameter to "right=domain1.dyndns.org" and uncomment the corresponding ipsec.secrets file, it works with Strongswan, but only for the first tunnel; the second (another Sonicwall device with dyndns) fails to work.

What can I do for Strongswan to accept the "right=%any" option? I tried enabling charon and it didn't work either.

Regards,
Omar
