Strongswan cannot connect: "no shared key found"

Nic*_*ick 6 strongswan

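I am trying to set up a VPN to a remote server.

But I get a strange error, "no shared key found", and I can't find any useful information about it.

The Strongswan configuration is as follows: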

1.1.1.1 = my server IP (client)
2.2.2.2 = IP of remote server (server)

ipsec.conf

config setup
        charondebug="dmn 4, mgr 4, ike 4, chd 4, job 4, cfg 4, knl 4, net 4, enc 4, lib 4"

conn %default
        ikelifetime=24h
        keylife=24h
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret
        dpdtimeout = 300s
        dpdaction = restart
        closeaction = restart

conn Service
        also=Operator
        rightsubnet=10.71.20.44/32
        auto=route

conn Operator
        left=%defaultroute
        leftid=1.1.1.1
        leftsubnet=1.1.1.1
        right=2.2.2.2
        auto=route
        dpdaction=restart
        ike=3des-sha1-modp1024
        esp=3des-sha1

ipsec.secrets

%any 2.2.2.2 : PSK "PASSWORD"

When I try to connect, I get:

strongswan up Service
...
charon[25605]: 08[IKE] no shared key found for '1.1.1.1'[1.1.1.1] - '2.2.2.2'[2.2.2.2]
charon[25605]: 08[IKE] no shared key found for 1.1.1.1 - 2.2.2.2

I have tried various things in ipsec.secrets, including %ani%any %any, but the result is the same.

Full log

charon[25605]: 11[CFG] received stroke: initiate 'Service'
charon[25605]: 16[IKE] initiating Main Mode IKE_SA Service[54120] to 2.2.2.2
charon[25605]: 16[IKE] initiating Main Mode IKE_SA Service[54120] to 2.2.2.2
charon[25605]: 16[ENC] generating ID_PROT request 0 [ SA V V V V V ]
charon[25605]: 16[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (248 bytes)
charon[25605]: 12[NET] received packet: from 2.2.2.2[500] to 1.1.1.1[500] (128 bytes)
charon[25605]: 12[ENC] parsed ID_PROT response 0 [ SA V V ]
charon[25605]: 12[IKE] received NAT-T (RFC 3947) vendor ID
charon[25605]: 12[IKE] received FRAGMENTATION vendor ID
charon[25605]: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
charon[25605]: 12[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (244 bytes)
charon[25605]: 08[NET] received packet: from 2.2.2.2[500] to 1.1.1.1[500] (304 bytes)
charon[25605]: 08[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
charon[25605]: 08[IKE] received Cisco Unity vendor ID
charon[25605]: 08[IKE] received XAuth vendor ID
charon[25605]: 08[ENC] received unknown vendor ID: 43:a1:83:ad:8e:22:1b:a5:bb:24:d1:14:77:5f:5a:40
charon[25605]: 08[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
charon[25605]: 08[IKE] no shared key found for '1.1.1.1'[1.1.1.1] - '2.2.2.2'[2.2.2.2]
charon[25605]: 08[IKE] no shared key found for 1.1.1.1 - 2.2.2.2
charon[25605]: 08[ENC] generating INFORMATIONAL_V1 request 549480164 [ N(INVAL_KE) ]
charon[25605]: 08[NET] sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (56 bytes)

小智 8

In my case, ipsec.secret was formatted incorrectly: the ":" operator had no space.

Was:

YY.YY.YY.YY XX.XX.XX.XX:  PSK  "XXXXXXXXX"

Fix:

YY.YY.YY.YY XX.XX.XX.XX :  PSK  "XXXXXXXXX"

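A small check for the formatting problem described in the answer above, as an added example that is not part of the original posts. It assumes the ipsec.secrets rule that the ":" between the ID selectors and the secret must be surrounded by whitespace; the function name `lint_secrets`, the type list and the sample entries are constructed for illustration.

```python
# Secret types as commonly documented for ipsec.secrets (assumption: adjust
# this set to the strongSwan version in use).
SECRET_TYPES = {"PSK", "RSA", "ECDSA", "EAP", "XAUTH", "NTLM", "PIN", "P12", "BLISS"}

# Constructed sample input (documentation addresses, not taken from the page).
SAMPLE = '''\
# constructed sample
192.0.2.10 198.51.100.7:  PSK  "example-psk"
192.0.2.10 198.51.100.7 :  PSK  "example-psk"
%any 198.51.100.7 : PSK "example-psk
2001:db8::1 2001:db8::2 : PSK "example-psk"
'''

def lint_secrets(text):
    """Return a list of (line_number, problem) for malformed entries."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("include "):
            continue
        # Only inspect the text before the quoted secret, so a ':' inside
        # the key itself is never mistaken for the separator.
        tokens = line.split('"', 1)[0].split()
        if ":" not in tokens:
            # IPv6 selectors contain ':' too, so only a stand-alone ':' counts.
            # A ':' glued to the last selector becomes part of that selector.
            problems.append((lineno, "no ' : ' separator surrounded by whitespace"))
        else:
            after = tokens[tokens.index(":") + 1:]
            if not after or after[0] not in SECRET_TYPES:
                problems.append((lineno, "unknown or missing secret type after ':'"))
        # A quoted secret cannot contain '"', so an odd count means it was
        # never closed.
        if line.count('"') % 2:
            problems.append((lineno, "unterminated quoted secret"))
    return problems

if __name__ == "__main__":
    for lineno, problem in lint_secrets(SAMPLE):
        print(f"line {lineno}: {problem}")
```

Run it against the contents of the secrets file before restarting the daemon; an entry that passes can still fail the lookup if its selectors do not match the IDs in the "no shared key found for ..." log line.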