Thanks Tobias,
I was under the impression authby=secret will be same as left|rightauth=psk.
Thanks for your perfect shot.
RegardsAshok
On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner <[email protected]>
wrote:
Hi Ashok,
> I am trying to establish simple PSK IPSec session between 2 ubuntu systems.
>
> ...
> Aug 3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for
> 'moon.strongswan.org'
> ...
>
> May I know what am I missing?
A lesson in reading the log and status output perhaps ;-) The log
message above indicates that the daemon does not find a _private_ key,
not a _shared_ key. That's because the connection is set to use public
key authentication, not pre-shared key authentication, as can be seen in
the output here:
> root@user-Lenovo-Product:/home/user# ipsec statusall
> ...
> home: 192.168.1.5...192.168.1.16 IKEv1/2
> home: local: [moon.strongswan.org] uses public key authentication
> home: remote: [[email protected]] uses public key authentication
This is, of course, due to the `left|rightauth=psk` options you
commented out in ipsec.conf (the default is `pubkey`):
> conn home
> left=192.168.1.5
> [email protected]
> # leftauth=psk
> # leftauth=pubkey
> leftsubnet=192.168.1.5/32
> leftfirewall=yes
> right=192.168.1.16
> [email protected]
> rightsubnet=192.168.1.16/32
> # rightauth=psk
> ike=3des-md5-modp768!
> esp=aes128-sha1-modp1024!
> # auto=add
> auto=start
Regards,
Tobias
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
