TransWikia.com

Strongswan can not connect "no shared key found for"

Server Fault Asked on December 20, 2021

I am trying to establish a VPN to a remote server.

However, I get a strange error – “no shared key found for” – and I cannot find any usable information about it.

The strongSwan configuration is as follows:

1.1.1.1 = my server IP (client)
2.2.2.2 = IP of remote server (server)

ipsec.conf

config setup
        charondebug="dmn 4, mgr 4, ike 4, chd 4, job 4, cfg 4, knl 4, net 4, enc 4, lib 4"

conn %default
        ikelifetime=24h
        keylife=24h
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret
        dpdtimeout = 300s
        dpdaction = restart
        closeaction = restart

conn Service
        also=Operator
        rightsubnet=10.71.20.44/32
        auto=route

conn Operator
        left=%defaultroute
        leftid=1.1.1.1
        leftsubnet=1.1.1.1
        right=2.2.2.2
        auto=route
        dpdaction=restart
        ike=3des-sha1-modp1024
        esp=3des-sha1

ipsec.secrets

%any 2.2.2.2 : PSK "PASSWORD"

When I try to connect, I get:

strongswan up Service
...
charon[25605]: 08[IKE] no shared key found for '1.1.1.1'[1.1.1.1] - '2.2.2.2'[2.2.2.2]
charon[25605]: 08[IKE] no shared key found for 1.1.1.1 - 2.2.2.2

I tried all kinds of things in ipsec.secrets, including %ani and %any %any, but got the same result.

Full log:

charon[25605]: 11[CFG] received stroke: initiate 'Service'
charon[25605]: 16[IKE] initiating Main Mode IKE_SA Service[54120] to 2.2.2.2
charon[25605]: 16[IKE] initiating Main Mode IKE_SA Service[54120] to 2.2.2.2
charon[25605]: 16[ENC] generating ID_PROT request 0 [ SA V V V V V ]
charon[25605]: 16[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (248 bytes)
charon[25605]: 12[NET] received packet: from 2.2.2.2[500] to 1.1.1.1[500] (128 bytes)
charon[25605]: 12[ENC] parsed ID_PROT response 0 [ SA V V ]
charon[25605]: 12[IKE] received NAT-T (RFC 3947) vendor ID
charon[25605]: 12[IKE] received FRAGMENTATION vendor ID
charon[25605]: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
charon[25605]: 12[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (244 bytes)
charon[25605]: 08[NET] received packet: from 2.2.2.2[500] to 1.1.1.1[500] (304 bytes)
charon[25605]: 08[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
charon[25605]: 08[IKE] received Cisco Unity vendor ID
charon[25605]: 08[IKE] received XAuth vendor ID
charon[25605]: 08[ENC] received unknown vendor ID: 43:a1:83:ad:8e:22:1b:a5:bb:24:d1:14:77:5f:5a:40
charon[25605]: 08[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
charon[25605]: 08[IKE] no shared key found for '1.1.1.1'[1.1.1.1] - '2.2.2.2'[2.2.2.2]
charon[25605]: 08[IKE] no shared key found for 1.1.1.1 - 2.2.2.2
charon[25605]: 08[ENC] generating INFORMATIONAL_V1 request 549480164 [ N(INVAL_KE) ]
charon[25605]: 08[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (56 bytes)

2 Answers

Usually the problem is caused by an error in the configuration of ipsec.secrets. In my case I had copied the configuration from Openswan, so I also had a problem with the ":". After adding the space we were able to proceed with the configuration.

Answered by Luis Fernando on December 20, 2021

In my case, the ipsec.secrets file was not formatted right: the operator ":" was without a space.

was:

YY.YY.YY.YY XX.XX.XX.XX:  PSK  "XXXXXXXXX"

fix:

YY.YY.YY.YY XX.XX.XX.XX :  PSK  "XXXXXXXXX"

Answered by Maoz Zadok on December 20, 2021
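
The separator check both answers describe, as an added example (not part of the original answers or of strongSwan itself): ipsec.secrets separates the ID selectors from the secret with a ":" that is surrounded by whitespace, and this Python linter flags PSK lines where that is not the case, without ever copying the secret into its output. The function names and the sample addresses and secrets are assumptions made for illustration.

```python
import re

# Added example: lint the PSK entries of an ipsec.secrets file for the
# separator problem described above. Secrets are never put into a finding.
PSK_KEYWORD = re.compile(r'(?<![\w"])PSK(?=\s|$)')

def check_psk_line(line):
    """Return (selectors, problem) for a PSK line, None for any other line."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#") or stripped.startswith("include "):
        return None
    head = stripped.split('"', 1)[0]          # drop the quoted secret
    match = PSK_KEYWORD.search(head)
    if match is None:
        return None                           # not a PSK entry
    before = head[:match.start()]
    tokens = before.split()
    if tokens and tokens[-1] == ":":          # ':' stands alone on its left side
        if not before[-1].isspace():
            return tokens[:-1], "no whitespace between ':' and PSK"
        return tokens[:-1], None
    if tokens and tokens[-1].endswith(":"):   # ':' glued to the last selector
        return tokens[:-1] + [tokens[-1][:-1]], "no whitespace before ':'"
    return tokens, "missing ':' separator"

def lint_secrets(text):
    """Return [(line_number, selectors, problem)] for malformed PSK lines."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        result = check_psk_line(line)
        if result and result[1]:
            findings.append((number, result[0], result[1]))
    return findings

# Constructed sample input; addresses and secrets are placeholders.
SAMPLE = '''\
# copied from another IPsec implementation
192.0.2.1 198.51.100.2:  PSK  "placeholder-one"
192.0.2.1 198.51.100.2 :  PSK  "placeholder-two"
2001:db8::1 2001:db8::2 : PSK "placeholder-three"
%any 198.51.100.2 :PSK "placeholder-four"
'''

if __name__ == "__main__":
    for number, selectors, problem in lint_secrets(SAMPLE):
        print(f"line {number}: {' '.join(selectors)}: {problem}")
```

The ipsec.secrets entry shown in the question already has whitespace on both sides of the colon and passes this check.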
