Project

General

Profile

Actions

Bug #4785

closed

IKEv2 w/PSK not matching where remote is FQDN

Added by Chris Buechler over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Very High
Category:
IPsec
Target version:
Start date:
06/22/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.3
Affected Architecture:

Description

Where using IKEv2 with PSK on a site to site VPN, where the identifiers are IPs, and the remote is a FQDN, you end up with something like the following:

Jun 22 16:29:44    charon: 01[NET] <con3|1> sending packet: from 172.27.44.52[500] to 172.27.44.51[500] (300 bytes)
Jun 22 16:29:44    charon: 01[NET] <con3|1> received packet: from 172.27.44.51[500] to 172.27.44.52[500] (76 bytes)
Jun 22 16:29:44    charon: 01[ENC] <con3|1> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jun 22 16:29:44    charon: 01[IKE] <con3|1> received AUTHENTICATION_FAILED notify error
Jun 22 16:29:44    charon: 01[IKE] <con3|1> received AUTHENTICATION_FAILED notify error

or:

Jun 22 16:27:14    charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'
Jun 22 16:27:14    charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'

where ipsec.secrets is configured like:

%any 172.27.44.51 : PSK 0sFjeRIUgndkfjEiufeskFD

Change %any to the specific local identifier and it works fine.

172.27.44.52 172.27.44.51 : PSK 0sFjeRIUgndkfjEiufeskFD

Actions #1

Updated by Chris Buechler over 6 years ago

  • Status changed from Confirmed to Feedback
  • Assignee set to Chris Buechler

should be fixed, need to double check every type of config to verify all still work.

Actions #2

Updated by Renato Botelho over 6 years ago

  • % Done changed from 0 to 100
Actions #4

Updated by Chris Buechler over 6 years ago

  • Status changed from Feedback to Resolved

confirmed good.

Actions

Also available in: Atom PDF