I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04 .
I'm just experimenting on a couple of internal systems since I'm new to this.
Output:
root@ip-10-1-1-4:/etc# ipsec auto --up L2TP-PSK
104 "L2TP-PSK" #10: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #10: received Vendor ID payload [Openswan (this version) 2.6.38 ]
003 "L2TP-PSK" #10: received Vendor ID payload [Dead Peer Detection]
003 "L2TP-PSK" #10: received Vendor ID payload [RFC 3947] method set to=115
003 "L2TP-PSK" #10: Can't authenticate: no preshared key found for `10.1.1.4' and `10.1.1.36'. Attribute OAKLEY_AUTHENTICATION_METHOD
003 "L2TP-PSK" #10: no acceptable Oakley Transform
214 "L2TP-PSK" #10: STATE_MAIN_I1: NO_PROPOSAL_CHOSEN
Server:
10.1.1.36 %any : PSK "69EA16F2C529E74A7D1B0FE99E69F6BDCD3E44"
Client:
%any 10.1.1.36 : PSK "69EA16F2C529E74A7D1B0FE99E69F6BDCD3E44"
I know that it doesn't necessarily matter which sides of the conversation are actually designated as "left" and "right" since it's detected automatically and I don't know if/how these relate to which of the two addresses is which in the two lines above. However, I've tried switching both values and using all IPs (so that there are no "%any" values). I'm also not sure which side of the conversation is originating the complaint.
Can someone with more experience give me a hint about where to do from here :) ?
Thanks. This is, of course, a little obscure for a newcomer.
If so, try replacing the double quotes around your secret with single quotes. (I found this suggestion in the openswan documentation, but I haven't tested it both ways.)
Secret line must be followed by a blank line. (Same as above, suggested in the openswan docs, but haven't tested both ways)
For me it ended up that I needed to define the path to the secrets file here:
/etc/strongswan.d/charon/stroke.conf
For whatever reason, without that, it was not reading /etc/ipsec.secrets