[Swan] no connection has been authorized with policy=PSK
Paul Wouters
paul at nohats.ca
Wed Sep 3 22:39:43 EEST 2014
On Wed, 3 Sep 2014, Bob Miller wrote:
> I hope this is just me being stupid; I built and deployed a new firewall
> for a client over the weekend (using 3.9), and testing it today I am
> getting error message:
>
> but no connection has been authorized with policy=PSK
>
> Sep 3 10:27:19 firewall pluto[10302]: packet from 199.247.177.61:500:
> initial Main Mode message received on 207.189.234.30:500 but no
> connection has been authorized with policy=PSK
>
> I am pretty sure, based on prior experience and doing a bit of checking
> on the web this morning, that the authby=secret line is supposed to
> authorize the connection with policy=PSK. Am I in error?
The error message is somewhat misleading. There is something else that
is not matching, but it is only telling you one of the major match
requirements (authby=).
> conn rw-l2tp-psk
>     type=transport
>     authby=secret
>     left=199.247.234.30
>     leftnexthop=207.189.235.254
>     leftprotoport=17/%any
That should be leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/%any
>     rightsubnet=vhost:%no,%priv
>     auto=add
>     pfs=no
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=clear
>
> root@firewall:~# cat /etc/ipsec.secrets
> 207.189.234.30 %any : PSK "mysecret"
Shouldn't this have 199.247.234.30 listed?
If this is the only connection on the server
you can also do:
: PSK "mysecret"
Paul
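
Added example (not part of the original message and not libreswan code): a small Python check that flags the two mismatches raised in the reply, run against constructed copies of the quoted files. The function names and the simplified selector-matching rule are assumptions made for illustration, not libreswan's actual lookup logic.

```python
import re

# Constructed sample input mirroring the two files quoted in the thread.
IPSEC_CONF = """\
conn rw-l2tp-psk
    authby=secret
    left=199.247.234.30
    leftprotoport=17/%any
    right=%any
    auto=add
"""
IPSEC_SECRETS = '207.189.234.30 %any : PSK "mysecret"\n'

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif line[:1].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def psk_selectors(text):
    """Return the ID selector list of each PSK line ([] means no selectors)."""
    out = []
    for line in text.splitlines():
        m = re.match(r'^([^:#]*):\s*PSK\s+"', line)
        if m:
            out.append(m.group(1).split())
    return out

def lint(conf, secrets):
    """Return findings for the two mismatches raised in the reply."""
    findings, selectors = [], psk_selectors(secrets)
    for name, c in parse_conns(conf).items():
        if c.get("authby") != "secret":
            continue
        left = c.get("left", "")
        # Assumption (simplified, IPv4 only): no selectors, or left= listed, covers the conn.
        if not any(not s or left in s for s in selectors):
            findings.append(f"{name}: no PSK entry lists left={left}")
        if c.get("leftprotoport") == "17/%any":
            findings.append(f"{name}: leftprotoport=17/%any, expected 17/1701")
    return findings

print("\n".join(lint(IPSEC_CONF, IPSEC_SECRETS)))
```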