Server Fault Asked on December 20, 2021
I am trying to establish a VPN to a remote server.
However, I get a strange error – “no shared key found for” – and I cannot find any usable information about it.
The strongSwan configuration is as follows:
1.1.1.1 = my server IP (client)
2.2.2.2 = IP of remote server (server)
config setup
    charondebug="dmn 4, mgr 4, ike 4, chd 4, job 4, cfg 4, knl 4, net 4, enc 4, lib 4"

conn %default
    ikelifetime=24h
    keylife=24h
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    dpdtimeout = 300s
    dpdaction = restart
    closeaction = restart

conn Service
    also=Operator
    rightsubnet=10.71.20.44/32
    auto=route

conn Operator
    left=%defaultroute
    leftid=1.1.1.1
    leftsubnet=1.1.1.1
    right=2.2.2.2
    auto=route
    dpdaction=restart
    ike=3des-sha1-modp1024
    esp=3des-sha1

%any 2.2.2.2 : PSK "PASSWORD"
When I try to connect, I get:
strongswan up Service
...
charon[25605]: 08[IKE] no shared key found for '1.1.1.1'[1.1.1.1] - '2.2.2.2'[2.2.2.2]
charon[25605]: 08[IKE] no shared key found for 1.1.1.1 - 2.2.2.2
I tried all kinds of things in ipsec.secrets, including %ani and %any %any, but got the same result.
charon[25605]: 11[CFG] received stroke: initiate 'Service'
charon[25605]: 16[IKE] initiating Main Mode IKE_SA Service[54120] to 2.2.2.2
charon[25605]: 16[IKE] initiating Main Mode IKE_SA Service[54120] to 2.2.2.2
charon[25605]: 16[ENC] generating ID_PROT request 0 [ SA V V V V V ]
charon[25605]: 16[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (248 bytes)
charon[25605]: 12[NET] received packet: from 2.2.2.2[500] to 1.1.1.1[500] (128 bytes)
charon[25605]: 12[ENC] parsed ID_PROT response 0 [ SA V V ]
charon[25605]: 12[IKE] received NAT-T (RFC 3947) vendor ID
charon[25605]: 12[IKE] received FRAGMENTATION vendor ID
charon[25605]: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
charon[25605]: 12[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (244 bytes)
charon[25605]: 08[NET] received packet: from 2.2.2.2[500] to 1.1.1.1[500] (304 bytes)
charon[25605]: 08[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
charon[25605]: 08[IKE] received Cisco Unity vendor ID
charon[25605]: 08[IKE] received XAuth vendor ID
charon[25605]: 08[ENC] received unknown vendor ID: 43:a1:83:ad:8e:22:1b:a5:bb:24:d1:14:77:5f:5a:40
charon[25605]: 08[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
charon[25605]: 08[IKE] no shared key found for '1.1.1.1'[1.1.1.1] - '2.2.2.2'[2.2.2.2]
charon[25605]: 08[IKE] no shared key found for 1.1.1.1 - 2.2.2.2
charon[25605]: 08[ENC] generating INFORMATIONAL_V1 request 549480164 [ N(INVAL_KE) ]
charon[25605]: 08[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (56 bytes)
Usually the problem is caused by an error in the configuration of ipsec.secrets. In my case I had copied the configuration of Openswan, so I also had a problem with ":". After adding the space we were able to proceed with the configuration.
Answered by Luis Fernando on December 20, 2021
In my case, the ipsec.secrets was not formatted right; the operator ":" was without a space.
was:
YY.YY.YY.YY XX.XX.XX.XX: PSK "XXXXXXXXX"
fix:
YY.YY.YY.YY XX.XX.XX.XX : PSK "XXXXXXXXX"
Answered by Maoz Zadok on December 20, 2021
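An added example, not part of the original answers or of strongSwan itself: a small Python check that flags ipsec.secrets entries where the ":" separator is not surrounded by whitespace, the formatting problem both answers describe. It assumes one entry per line; the function name `lint_secrets` and the sample addresses are constructed for illustration.

```python
import re

# The separator is a ':' standing alone as a whitespace-delimited token.
SEPARATOR = re.compile(r"(?:^|\s):(?:\s|$)")
# A ':' attached to the PSK keyword or to the selector before it.
GLUED = re.compile(r":\s*PSK\b")
# Accepted PSK values: closed double-quoted string, 0x hex, or 0s Base64.
PSK_VALUE = re.compile(r'"[^"]*"|0x[0-9A-Fa-f]+|0s[A-Za-z0-9+/=]+')


def lint_secrets(text):
    """Return a list of (line_number, message) for suspicious entries."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("include "):
            continue
        # Only look for the separator before the secret's opening quote.
        head = line.split('"', 1)[0]
        match = SEPARATOR.search(head)
        if match is None:
            if GLUED.search(head):
                findings.append((number, "':' needs whitespace on both sides"))
            else:
                findings.append((number, "no ':' separator found"))
            continue
        fields = line[match.end():].split(None, 1)
        if not fields:
            findings.append((number, "no secret type after ':'"))
        elif fields[0] == "PSK":
            value = fields[1].strip() if len(fields) > 1 else ""
            if not PSK_VALUE.fullmatch(value):
                findings.append((number, "PSK value is not a closed quoted string"))
    return findings


# Constructed sample using documentation addresses, not taken from the page.
SAMPLE = """\
# ipsec.secrets
192.0.2.10 198.51.100.20: PSK "example-secret"
192.0.2.10 198.51.100.20 : PSK "example-secret"
%any 198.51.100.20 : PSK "unterminated
2001:db8::1 : PSK "v6-peer"
"""

if __name__ == "__main__":
    for number, message in lint_secrets(SAMPLE):
        print(f"line {number}: {message}")
```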