> since only a single common PSK can be used with IKEv1 Main Mode
> and dynamic IP addresses, why don't you just define
>
> : PSK "temporal"

Hi, when I use above PSK setup, the first tunnel works, but for the second, with identical dynamic configuration on the remote site and , I get:

"initial Main Mode message received on 200.38.56.150:500 but no connection has been authorized with policy=PSK"

On ipsec.conf I have this for both remote sites:

conn site1
        #keyexchange=ikev1
        auth=esp
        ike=3des-sha1-modp1024
        ikelifetime=28800s
        esp=null-sha1
        dpdaction=clear
        leftsourceip=192.168.230.1
        pfs=no
        keyingtries=1
        authby=secret
        #right=site1.dyndns.org
        right=%any
        rightsubnet=192.168.110.0/24
        [email protected]
        #rightid=%any
        auto=add

conn to-mariano-otero
        #keyexchange=ikev1
        auth=esp
        ike=3des-sha1-modp1024
        ikelifetime=28800s
        esp=null-sha1
        dpdaction=clear
        leftsourceip=192.168.230.1
        pfs=no
        keyingtries=1
        authby=secret
        #right=mariano-otero.dyndns.org
        right=%any
        rightsubnet=192.168.111.0/24
        [email protected]
        auto=add

And when I try with ikev2 (enabling charonstart and charondebug=all) on Strongswan and remote devices, the same happens, only one tunnel is established.

By the way, I get almost no debug information with charon, just a line saying:

"Jan 4 22:09:18 debian charon: 10[IKE] RemoteIP is initiating an IKE_SA"

Is this normal? Any idea why I can't make more tunnels to work? On this latter setup the Sonicwall logs reads "invalid payload".

--
Omar
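The constraint quoted at the top of this message (one common PSK for IKEv1 Main Mode peers with dynamic addresses), as an added example that is not part of the original post and is not strongSwan's code. It is a simplified model of PSK selection over ipsec.secrets-style lines; the selectors, addresses and secrets other than "temporal" are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed ipsec.secrets-style content (sample values, IPv4 selectors only).
SAMPLE_SECRETS = '''
# a peer with a fixed address can have its own secret
203.0.113.10 : PSK "fixed-peer-secret"
# ID selectors: not usable while the peer ID is still unknown
@site1.example : PSK "site1-secret"
@site2.example : PSK "site2-secret"
# empty selector list: matches any peer
: PSK "temporal"
'''

LINE_RE = re.compile(r'^(?P<sel>[^:]*):\s*PSK\s+"(?P<psk>[^"]*)"\s*$')


def parse_secrets(text):
    """Return [(selectors, psk), ...] for each PSK line, skipping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group("sel").split(), m.group("psk")))
    return entries


def psk_for_main_mode(entries, peer_ip):
    """Pick a PSK knowing only the peer's source IP.

    In IKEv1 Main Mode the peer's ID payload arrives encrypted under keys
    derived from the PSK, so the responder has to choose the PSK before it
    can read the ID. Only IP selectors and catch-all entries can match.
    """
    wildcard = None
    for selectors, psk in entries:
        if peer_ip in selectors:
            return psk                  # exact IP match wins
        if (not selectors or "%any" in selectors) and wildcard is None:
            wildcard = psk              # first catch-all entry
    return wildcard


def dynamic_peers_share_psk(entries, peer_ips):
    """True if every listed peer address resolves to the same PSK."""
    return len({psk_for_main_mode(entries, ip) for ip in peer_ips}) == 1
```

In this model the two ID-keyed secrets are never selected for peers arriving from unknown addresses; both fall through to the catch-all entry.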
