Closed JuliusLongmind closed 4 years ago
I can't see the log output where strongswan tries to open the pre-shared key file, /etc/ipsec.d/ipsec.nm-l2tp.secrets (or /etc/strongswan/ipsec.d/ipsec.nm-l2tp.secrets e.g. Fedora).
Does /etc/ipsec.secrets (or /etc/strongswan/ipsec.secrets e.g. Fedora) have the following line?
include ipsec.d/ipsec.nm-l2tp.secrets
If not, add that line to ipsec.secrets.
Does /etc/ipsec.d/ipsec.nm-l2tp.secrets (or /etc/strongswan/ipsec.d/ipsec.nm-l2tp.secrets e.g. Fedora) look something like the following (with an encoded PSK starting with 0s)?
: PSK 0sBase64_encoded_PSK
I should add, /etc/ipsec.d/ipsec.nm-l2tp.secrets (or /etc/strongswan/ipsec.d/ipsec.nm-l2tp.secrets e.g. Fedora) usually gets deleted when a VPN connection is gracefully stopped. When in debugging mode (see README.md) or, I believe, on connection failure, the ipsec.nm-l2tp.secrets file wouldn't get deleted.
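The two checks asked about in the reply above, scripted as an added example that is not part of the original thread or of NetworkManager-l2tp. The function name and return codes are this example's own, and it accepts only the literal include line and the `0s` PSK form quoted above.

```shell
#!/bin/sh
# Added example (not nm-l2tp code). Checks the secrets wiring that the
# "no shared key found" error points at. Needs read access to the secrets
# files, so on a real system run it as root, e.g.:
#   check_nm_l2tp_psk /etc              (or /etc/strongswan on e.g. Fedora)
# Return codes (this example's own convention):
#   0 ok                          1 ipsec.secrets unreadable
#   2 include line missing        3 ipsec.nm-l2tp.secrets unreadable
#   4 no ": PSK 0s..." line       5 text after 0s is not valid base64
check_nm_l2tp_psk() {
    confdir=$1
    main="$confdir/ipsec.secrets"
    psk_file="$confdir/ipsec.d/ipsec.nm-l2tp.secrets"

    [ -r "$main" ] || { echo "cannot read $main"; return 1; }

    # Only the literal include line from the thread is accepted here.
    grep -Eq '^[[:space:]]*include[[:space:]]+ipsec\.d/ipsec\.nm-l2tp\.secrets[[:space:]]*$' "$main" \
        || { echo "$main lacks: include ipsec.d/ipsec.nm-l2tp.secrets"; return 2; }

    # The file is removed on a graceful stop, so check while the connection
    # attempt is failing or with debugging enabled.
    [ -r "$psk_file" ] || { echo "cannot read $psk_file"; return 3; }

    # Pull the text after "0s" from the first uncommented PSK line.
    # The key material is never printed.
    b64=$(sed -n 's/^[^#]*:[[:space:]]*PSK[[:space:]][[:space:]]*0s\([^[:space:]]*\).*$/\1/p' \
          "$psk_file" | head -n 1)
    [ -n "$b64" ] || { echo "$psk_file has no ': PSK 0s...' line"; return 4; }

    # Reject characters outside the base64 alphabet, then confirm it decodes.
    case $b64 in
        *[!A-Za-z0-9+/=]*) echo "PSK is not base64"; return 5 ;;
    esac
    printf '%s' "$b64" | base64 -d >/dev/null 2>&1 \
        || { echo "PSK does not decode as base64"; return 5; }

    echo "include line and encoded PSK look correct under $confdir"
    return 0
}
```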
Closing due to lack of activity.
After upgrading to 1.18.2 I cannot connect to the VPN server with preshared keys, while with 1.8.0 it was working. After downgrading to 1.8.0 the VPN connection doesn't work either.
Both ends are behind NAT.
Debug output of /usr/lib/NetworkManager/nm-l2tp-service
Starting strongSwan 5.8.2 IPsec [starter]...
Loading config setup
Loading conn 'e20fb2b4-74d3-4248-a4a9-7dd117b1574f'
nm-l2tp[22018] Spawned ipsec up script with PID 22069.
initiating Main Mode IKE_SA e20fb2b4-74d3-4248-a4a9-7dd117b1574f[1] to public_IP_of_the_server
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from my_local_IP_behind_nat[500] to public_IP_of_the_server[500] (532 bytes)
received packet: from public_IP_of_the_server[500] to my_local_IP_behind_nat[500] (140 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received unknown vendor ID: 4f:53:57:71:77:50:64:40:5e:49:41:45
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from my_local_IP_behind_nat[500] to public_IP_of_the_server[500] (396 bytes)
received packet: from public_IP_of_the_server[500] to my_local_IP_behind_nat[500] (380 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
no shared key found for my_local_IP_behind_nat - public_IP_of_the_server
generating INFORMATIONAL_V1 request 2417051706 [ N(INVAL_KE) ]
sending packet: from my_local_IP_behind_nat[500] to public_IP_of_the_server[500] (56 bytes)
establishing connection 'e20fb2b4-74d3-4248-a4a9-7dd117b1574f' failed
Stopping strongSwan IPsec...
nm-l2tp[22018] Could not establish IPsec tunnel.