-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Ashok,
No, I mean that the default values for the different settings are supposed to be defined in "conn %default", not "conn default". The first conn name sets the default values, but the second name declares a conn called "default", it doesn't set any default values. "authby=secret" is the same as "leftauth=psk" and "rightauth=psk". "authby" is deprecated. Use "leftauth" and "rightauth". Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 05.08.2015 um 11:11 schrieb ashok kj: > Thanks Noel for the reply. So Do you mean that "authyby=secret" is same as > "left | rightauth=psk" > > Regards > Ashok > > > > On Tuesday, 4 August 2015 5:18 PM, Noel Kuntze <[email protected]> wrote: > > > > Hello Ashok > > conn %default != conn default > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 04.08.2015 um 12:05 schrieb ashok kj: > > Thanks Tobias, > > > I was under the impression authby=secret will be same as left|rightauth=psk. > > Thanks for your perfect shot. > > > Regards > > Ashok > > > > > On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi Ashok, > > > > I am trying to establish simple PSK IPSec session between 2 ubuntu > > > systems. > > > > > > ... > > > Aug 3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found > > > for 'moon.strongswan.org' > > > ... > > > > > > May I know what am I missing? > > > A lesson in reading the log and status output perhaps ;-) The log > > message above indicates that the daemon does not find a _private_ key, > > not a _shared_ key. That's because the connection is set to use public > > key authentication, not pre-shared key authentication, as can be seen in > > the output here: > > > > root@user-Lenovo-Product <mailto:root@user-Lenovo-Product> > > > <mailto:root@user-Lenovo-Product > > > <mailto:root@user-Lenovo-Product>>:/home/user# ipsec statusall > > > ... > > > home: 192.168.1.5...192.168.1.16 IKEv1/2 > > > home: local: [moon.strongswan.org] uses public key authentication > > > home: remote: [[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>] uses public > > > key authentication > > > This is, of course, due to the `left|rightauth=psk` options you > > commented out in ipsec.conf (the default is `pubkey`): > > > > > conn home > > > left=192.168.1.5 > > > [email protected] > > > # leftauth=psk > > > # leftauth=pubkey > > > leftsubnet=192.168.1.5/32 > > > leftfirewall=yes > > > right=192.168.1.16 > > > [email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>> > > > > rightsubnet=192.168.1.16/32 > > > # rightauth=psk > > > ike=3des-md5-modp768! > > > esp=aes128-sha1-modp1024! > > > # auto=add > > > auto=start > > > Regards, > > > Tobias > > > > > > > > > _______________________________________________ > > Users mailing list > > [email protected] <mailto:[email protected]> > > https://lists.strongswan.org/mailman/listinfo/users > > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVwtipAAoJEDg5KY9j7GZY0B8P/RI4Dbm1lgXJQT9ygoZDmuyd kEl7AdVmT8tii3v3jAkQI/1itzbR2JWzBAlUlEseXtROYUImBiN/l6lhkO68qZEX Wbyq3TMZGDIeJYywmF5CXQsIDqZ+JZcUOBFHZzVJZ5Kz0gWV+V50Knas9R4+tivH JiIydyua4idoEAOUlQ/Bh6GSzhOqOZ4ennfvvzHem/YMw/x34hIc6abn/B9za97B S2hWqWDF/5f0iPa3fWajP2NkfhaL87L7lKwTJdfduEpNH0lGWWvnZ0htZdsNmFgu BVDw5Bgd54ZJe5uzInXmEl7HUwDwiC2XQhAe/T9/Tr04BdLIZQYE//OCN5TvUd5m +AzOTzTmNFbjz2pAtVatkyw1n0cJ3fe4DAlAcOX/uXK3VVUlKXTBwb5rvCS9OF3B pL0QyzfrcPNylef3g39AbrPixrMM1kbHZPBNGbAWF5L0qOpSOpFZo4e95pHxOHeF 1Z5L8KKtoS5c1GPethSHI0+o9lBJnSlqTFPN3XUJXObFDSlzKjEMeZR/iOfkg+6L vg+6ae9u5yyX00I+KDppHDxSoN+d/d6QMLVhUQaVjUf+3nUZUVBDufxH+xwAu5Pk szmHnpP9/dlvwy5sZ6dZLsB23Sgbwhw4mmccY10MZlnRNK0r9kbQSIhSyUR0K4pq BD8Ti6qj27cWKlFfcC0+ =dMc1 -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
