Bug #4785
IKEv2 w/PSK not matching where remote is FQDN
Status: closed
Start date: 06/22/2015
% Done: 100%
Affected Version: 2.2.3
Description
Where using IKEv2 with PSK on a site to site VPN, where the identifiers are IPs, and the remote is a FQDN, you end up with something like the following:
Jun 22 16:29:44 charon: 01[NET] <con3|1> sending packet: from 172.27.44.52[500] to 172.27.44.51[500] (300 bytes)
Jun 22 16:29:44 charon: 01[NET] <con3|1> received packet: from 172.27.44.51[500] to 172.27.44.52[500] (76 bytes)
Jun 22 16:29:44 charon: 01[ENC] <con3|1> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jun 22 16:29:44 charon: 01[IKE] <con3|1> received AUTHENTICATION_FAILED notify error
Jun 22 16:29:44 charon: 01[IKE] <con3|1> received AUTHENTICATION_FAILED notify error
or:
Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'
Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'
where ipsec.secrets is configured like:
%any 172.27.44.51 : PSK 0sFjeRIUgndkfjEiufeskFD
Change %any to the specific local identifier and it works fine.
172.27.44.52 172.27.44.51 : PSK 0sFjeRIUgndkfjEiufeskFD
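A triage helper for the symptom described above, added here as an example and not taken from the ticket or from pfSense/strongSwan: it pairs each "no shared key found" log message with the PSK entries in ipsec.secrets and reports whether the failing ID pair is covered only by a `%any` entry. The function names, the verdict labels, the simplified secrets-line parsing and the placeholder secret are assumptions of this example.

```python
import re

# Responder-side charon message quoted in the report: '<local id>' - '<remote id>'
NO_KEY = re.compile(r"no shared key found for '([^']+)' - '([^']+)'")
# Simplified ipsec.secrets PSK line: optional ID selectors, a colon, "PSK <secret>"
PSK_LINE = re.compile(r"^(.*?)\s*:\s*PSK\s+\S")


def psk_selectors(secrets_text):
    """Return one set of ID selectors per PSK entry; the secret is never kept."""
    entries = []
    for line in secrets_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = PSK_LINE.match(line)
        if match:
            entries.append(set(match.group(1).split()))
    return entries


def triage(log_text, secrets_text):
    """Classify each distinct ID pair that charon could not find a PSK for."""
    entries = psk_selectors(secrets_text)
    findings = []
    # The log repeats messages, so de-duplicate while keeping first-seen order.
    for local, remote in dict.fromkeys(NO_KEY.findall(log_text)):
        if any({local, remote} <= sel for sel in entries):
            verdict = "explicit"       # both IDs are listed; the cause is elsewhere
        elif any("%any" in sel and (local in sel or remote in sel) for sel in entries):
            verdict = "wildcard-only"  # the configuration shown in this report
        else:
            verdict = "missing"        # no PSK entry mentions either ID
        findings.append((local, remote, verdict))
    return findings


# Constructed sample input: log lines as quoted in the report, placeholder secret.
SAMPLE_LOG = (
    "Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'\n"
    "Jun 22 16:27:14 charon: 05[IKE] <con3|3> no shared key found for '172.27.44.52' - '172.27.44.51'\n"
)
SAMPLE_SECRETS = "%any 172.27.44.51 : PSK 0sPLACEHOLDER\n"

if __name__ == "__main__":
    for local, remote, verdict in triage(SAMPLE_LOG, SAMPLE_SECRETS):
        print(f"local={local} remote={remote} psk-entry={verdict}")
```

A `wildcard-only` verdict marks the entry to rewrite with the specific local identifier, as in the workaround above.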