Hello Omar,

since only a single common PSK can be used with IKEv1 Main Mode and
dynamic IP addresses, why don't you just define

: PSK "temporal"

Regards

Andreas

On 01/05/2011 12:31 AM, Omar Armas wrote:
> Hi, I have a debian box with static public IP and remote sites using
> Sonicwall devices and want to establish a tunnel between them.
> I use PSK for auth and I have a case where the tunnel is established
> with Openswan, but not with Strongswan (which I'd prefer to use)
>
> This is my ipsec.conf:
>
> ----------
> version 2.0
> config setup
>     plutodebug=all
>     klipsdebug=all
>     #charondebug=all
>     nat_traversal=no
>     #charonstart=yes
>     #plutostart=yes
>
> conn %default
>     type=tunnel
>     leftsubnet=192.168.230.0/24
>     left=LeftIP
>     leftid=LeftP
>     leftnexthop=LeftGW
>     #keyexchange=ikev2
>     leftsourceip=192.168.230.50
>     authby=secret
>
> conn to-federalismo
>     auth=esp
>     ike=3des-sha1-modp1024!
>     ikelifetime=28800s
>     esp=null-sha1
>     dpdaction=clear
>     leftsourceip=192.168.230.1
>     pfs=no
>     keyingtries=1
>     authby=secret
>     #right=domain1.dyndns.org
>     right=%any
>     rightsubnet=192.168.110.0/24
>     [email protected] <http://domain1.dyndns.org>
>     auto=add
>
> include /etc/ipsec.d/examples/no_oe.conf
> ----------
>
>
> And ipsec.secrets:
>
> ------
> #[email protected] <http://domain1.dyndns.org>IPLocal : PSK "temporal"
> %anyIPLocal :PSK "temporal"
> ------
>
>
> Using exactly the same config files, the tunnel works with Openswan, but
> with Strongswan I get:
>
> "Jan 4 16:34:08 debian pluto[22010]: "to-federalismo"[3] IPRemote #3:
> Can't authenticate: no preshared key found for `IPLocal' and `%any'.
> Attribute OAKLEY_AUTHENTICATION_METHOD"
>
> even though the ipsec.secrets file is confirmed with "ipsec
> rereadsecrets" successfully.
>
> If I change the right parameter to "right=domain1.dyndns.org"
> and uncomment the corresponding
> ipsec.secrets file, it works with Strongswan, but only for the first
> tunnel, the second (another sonicwall device with dyndns) fails to work.
> What can I do for Strongswan to accept the "right=%any" option? I tried
> enabling charon and didn't work either.
>
> Regards,
>
>
> Omar
>

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
