Bug #4785
IKEv2 w/PSK not matching where remote is FQDN
Status: closed
Start date: 06/22/2015
% Done: 100%
Affected Version: 2.2.3
Description
Where using IKEv2 with PSK on a site to site VPN, where the identifiers are IPs, and the remote is a FQDN, you end up with something like the following:
Jun 22 16:29:44 charon: 01[NET] <con3|1> sending packet: from 172.27.44.52[500] to 172.27.44.51[500] (300 bytes)
Jun 22 16:29:44 charon: 01[NET] <con3|1> received packet: from 172.27.44.51[500] to 172.27.44.52[500] (76 bytes)
Jun 22 16:29:44 charon: 01[ENC] <con3|1> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jun 22 16:29:44 charon: 01[IKE] <con3|1> received AUTHENTICATION_FAILED notify error
Jun 22 16:29:44 charon: 01[IKE] <con3|1> received AUTHENTICATION_FAILED notify error
or:
Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'
Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'
where ipsec.secrets is configured like:
%any 172.27.44.51 : PSK 0sFjeRIUgndkfjEiufeskFD
Change %any to the specific local identifier and it works fine.
172.27.44.52 172.27.44.51 : PSK 0sFjeRIUgndkfjEiufeskFD
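A triage helper for the failure described in this report, added here as an example and not part of the original ticket or of the pfSense/strongSwan code: it pairs charon's "no shared key found" lines with the PSK selectors in ipsec.secrets and flags entries whose local side is only %any. The function names, status labels and sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample input modelled on the report; the PSK value is a placeholder.
SAMPLE_LOG = """\
Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'
Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'
Jun 22 16:29:44 charon: 01[IKE] <con3|1> received AUTHENTICATION_FAILED notify error
"""
SAMPLE_SECRETS = "%any 172.27.44.51 : PSK 0sPLACEHOLDER\n"

NO_KEY = re.compile(
    r"<(?P<conn>[^|>]+)\|\d+> no shared key found for "
    r"'(?P<local>[^']*)' - '(?P<remote>[^']*)'"
)
PSK_LINE = re.compile(r"(?P<ids>.*?)\s*:\s+PSK\b")


def psk_selectors(secrets_text):
    """Return the ID selectors of each PSK line; the secret itself is never kept."""
    selectors = []
    for line in secrets_text.splitlines():
        m = PSK_LINE.match(line.strip())
        if m and not line.lstrip().startswith("#"):
            selectors.append(m["ids"].split())
    return selectors


def diagnose(log_text, secrets_text):
    """Classify each distinct failed lookup (conn, local ID, remote ID)."""
    selectors = psk_selectors(secrets_text)
    findings = {}
    for m in NO_KEY.finditer(log_text):
        local, remote = m["local"], m["remote"]
        if any(local in s and remote in s for s in selectors):
            status = "explicit-pair-present"   # both IDs named, as in the working line
        elif any("%any" in s and remote in s for s in selectors):
            status = "wildcard-local-only"     # the failing layout from this report
        else:
            status = "no-entry"                # no PSK line mentions the remote ID
        findings[(m["conn"], local, remote)] = status
    return findings


if __name__ == "__main__":
    for (conn, local, remote), status in diagnose(SAMPLE_LOG, SAMPLE_SECRETS).items():
        print(f"{conn}: {local} - {remote}: {status}")
```
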
Updated by Chris Buechler over 9 years ago
- Status changed from Confirmed to Feedback
- Assignee set to Chris Buechler
Should be fixed; need to double-check every type of config to verify all still work.
Updated by Renato Botelho over 9 years ago
- % Done changed from 0 to 100
Applied in changeset dbd43cc24d6c18f6bf279c4e52a7a01d2bdfb8c5.
Updated by Renato Botelho over 9 years ago
Applied in changeset a241d6b53ac8d1aefe854d673ed5f41693ce9388.