How to enter pre-shared key for strongswan?


Post by toquinho » 2016-06-19 22:04

I am trying to connect to a VPN using strongswan. I run Debian 8.5 with the backported kernel 4.5.0. I installed network-manager-strongswan from the jessie-backports.

The VPN uses no certificate and a pre-shared key as authentication. When I try to connect to the VPN, the password dialog of the network manager says: "Pre-shared key required to establish VPN connection (min. 20 characters):" As there is no way to provide the key in the strongswan network manager, I provided it in /etc/ipsec.secrets with the following line (I replaced the key by ***.):

Code:
vpn.myprovider.com : PSK "***"



The pre-shared key, however, is only nine characters long. (I tried a fake key with a length of more than 20 characters, but this did not change anything.)

When restarting the ipsec service, I get some complaints about three missing plugins, but it seems that charon finally starts (see output from journalctl below).

Jun 14 17:20:57 TRILLIAN charon[12284]: 00[DMN] signal of type SIGTERM received. Shutting down
Jun 14 17:20:57 TRILLIAN ipsec_starter[12269]: charon stopped after 200 ms
Jun 14 17:20:57 TRILLIAN ipsec_starter[12269]: ipsec starter stopped
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 4.5.0-0.bpo.2-amd64, x86_64)
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loaded IKE secret for vpn.myprovider.com
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default stroke updown
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[JOB] spawning 16 worker threads
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[DMN] signal of type SIGTERM received. Shutting down
Jun 14 17:20:57 TRILLIAN ipsec[12269]: charon stopped after 200 ms
Jun 14 17:20:57 TRILLIAN ipsec[12269]: ipsec starter stopped
Jun 14 17:20:57 TRILLIAN ipsec_starter[12618]: Starting strongSwan 5.2.1 IPsec [starter]...
Jun 14 17:20:57 TRILLIAN ipsec[12618]: Starting strongSwan 5.2.1 IPsec [starter]...
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 4.5.0-0.bpo.2-amd64, x86_64)
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loaded IKE secret for vpn.myprovider.com
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default stroke updown
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[JOB] spawning 16 worker threads
Jun 14 17:20:57 TRILLIAN ipsec_starter[12618]: charon (12635) started after 40 ms
Jun 14 17:20:57 TRILLIAN ipsec[12618]: charon (12635) started after 40 ms
Jun 14 17:21:27 TRILLIAN NetworkManager[9963]: <error> [1465935687.034016] [vpn-manager/nm-vpn-connection.c:1778] get_secrets_cb(): Failed to request VPN secrets #3: (7) User canceled the secrets request.


With the entry in /etc/ipsec.secrets, the password dialog still says that the pre-shared key is required, and when I enter my password and try to log on, the dialog closes and reappears immediately.

Any help is greatly appreciated.
toquinho
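
An added example, not part of the original post: a small Python audit of PSK entries in the /etc/ipsec.secrets format shown above, reporting each key's length against the 20-character minimum the dialog states without ever printing the key. The function names and the sample entries are constructed for illustration; the 0x (hex) and 0s (base64) prefixes are the ipsec.secrets notations for binary secrets.

```python
import base64
import re

# "<selectors> : PSK <secret>"; selectors may be empty (entry applies to any peer).
PSK_LINE = re.compile(r'^(?P<sel>.*?)\s*:\s+PSK\s+(?P<secret>"[^"]*"|\S+)')

def secret_length(token):
    """Return the key length in bytes without exposing the key itself."""
    if len(token) >= 2 and token.startswith('"') and token.endswith('"'):
        return len(token[1:-1].encode())
    if token.startswith('0x'):
        return len(bytes.fromhex(token[2:]))
    if token.startswith('0s'):
        return len(base64.b64decode(token[2:]))
    return len(token.encode())  # unquoted token, taken literally

def audit_psk_entries(text, min_len=20):
    """List every PSK entry with its line number, selectors and key length."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#') or line.startswith('include '):
            continue
        m = PSK_LINE.match(line)
        if not m:
            continue  # not a PSK entry (RSA, EAP, XAUTH, ...)
        n = secret_length(m.group('secret'))
        findings.append({
            'line': lineno,
            'selectors': m.group('sel') or '%any',
            'length': n,
            'ok': n >= min_len,
        })
    return findings

# Constructed sample file contents (keys are made up, not from the post).
SAMPLE = '''# constructed sample
vpn.myprovider.com : PSK "ninechars"
192.0.2.10 198.51.100.7 : PSK "a-much-longer-pre-shared-key-value"
: PSK 0x0102030405060708
include /var/lib/strongswan/ipsec.secrets.inc
'''

if __name__ == '__main__':
    for f in audit_psk_entries(SAMPLE):
        status = 'ok' if f['ok'] else 'TOO SHORT'
        print(f"line {f['line']}: [{f['selectors']}] {f['length']} bytes: {status}")
```

To check a real file, pass its contents to `audit_psk_entries()`; reading /etc/ipsec.secrets normally requires root.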
 