-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Ilyas,
You can gather more information about what is happening by activating logging. A link to that is here [1]. [1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration Regards Noel Kuntze On 20.11.2013 16:48, ilyas Guennoun wrote: > Hi all > I am new on StrongSwan, so I may be missing something so obvious, but I spent > several hours with no progress > > I have installed a Strongswan instance and I am trying to connect it to a > cisco router for SME > I control both of them. > My strongSwan instance runs in a virtualbox VM but has an interface on my > "real" network 192.168.168.x and another interface to simulate a local > network 169.254.229.x > > I am trying to create a IP SEC tunnel, with preshared key but I have the > following error > Nov 20 16:29:32 ubuntu pluto[4932]: packet from 192.168.168.161:500: initial > Main Mode message received on 192.168.168.152:500 but no connection has been > authorized with policy=PSK > > PSK preshared key defined as follow > > --- > $ more /etc/ipsec.secrets > 192.168.168.152 192.168.168.161 : PSK "password" > include /var/lib/strongswan/ipsec.secrets.inc > --- > > All my search results indicate that whether ipsec.secrets is not defined well > or the preshared key is wrong. > the key is too simple to have an error and the ipsec.secrets file bellow > seems fine for me and does not indicate any error when typing $ipsec secrets > > ip sec status is as follow > --- > $ sudo ipsec statusall > 000 Status of IKEv1 pluto daemon (strongSwan 4.5.2): > 000 interface eth0/eth0 2a01:e35:8a29:50d0:a00:27ff:feab:e49:500 > 000 interface eth0/eth0 2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8:500 > 000 interface lo/lo ::1:500 > 000 interface lo/lo 127.0.0.1:500 > 000 interface eth0/eth0 192.168.168.152:500 > 000 interface eth1/eth1 169.254.229.110:500 > 000 %myid = '%any' > 000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 > pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve > 000 debug options: > raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore > 000 > Status of IKEv2 charon daemon (strongSwan 4.5.2): > uptime: 7 minutes, since Nov 20 16:16:34 2013 > malloc: sbrk 241664, mmap 0, used 136456, free 105208 > worker threads: 7 idle of 16, job queue load: 0, scheduled events: 0 > loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 > revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 > xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke > updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls > eap-ttls eap-tnc dhcp led addrblock > Listening IP addresses: > 192.168.168.152 > 2a01:e35:8a29:50d0:109e:e3c8:27b4:6bc8 > 2a01:e35:8a29:50d0:a00:27ff:feab:e49 > 169.254.229.110 > Connections: > cisco_home: 192.168.168.152...192.168.168.161 > cisco_home: local: [swan] uses pre-shared key authentication > cisco_home: remote: [cisco] uses pre-shared key authentication > cisco_home: child: 169.254.229.0/24 === 192.168.15.0/24 > Security Associations: > none > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSjOfFAAoJEDg5KY9j7GZYoEgP/1Xbm7egwHkewQCGGq7JWvxZ nSIM0HtIBUeqldnvPpX/pmA+X4evdsw71wz7rcb4SCPsXKqqgOvBKAGdwxIzpG1M xi4IoX+PGmSVUTMMCHuSe1bWjTREM1EXXEo+7dTxUw+OcT7ItRQ89igGDCGJLtqB nfE/3SaSQAz3SEAC07Hd5bJJ5aEU4FV60VbxOqRrIybsvN087aXVlLvUeeF8XA+Y i5kN0a3VlqifA2zjcUnd4uw0wnFJ4Tk/59oBGoOBk2Ev7J+I2C/o+WlFzCYn/iDA 0+C4zqCwMYKyF10NMx6n37L6RdJFhQZLMV6PDbKf/czVIrM5M7XCQOjt3IYyQd6r X84mJV3qI+Bth5/NpPUccySQAtDQPBCHxsQ+trB6YSKqVBIS0kTTheNj0181XX6P f6WadZ7PM/LMaU6l3MrzIe5Q8Ndsc/Dx/zGprkTFwsDCu62QhVWG0hCxYy6FEdBO 5KK5Sl/7GbCsoK/c9PAjME8t6v1cTRNgfa2sUarM1zhb0zj8j+8EPUwKHrYnBY+8 4QjtMDYUvHAawwQ/Lk+xKJcjty4FYYbOJZq/SXIKfd0u+OtS7S2ZP/9xyIq+ptsE bKNpyTWFesIp8hlcbWQSj37zevX+4dj9s8QKlez2aNHvEbhPtB0KIAFTeoyEIW/G nIvaxLuGB+hta03rBrt8 =llPJ -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
