How to enter pre-shared key for strongswan?

Linux Kernel, Network, and Services configuration.
toquinho
Posts: 59
Joined: 2014-06-24 16:50
Been thanked: 1 time

#1 Post by toquinho »

I am trying to connect to a VPN using strongswan. I run Debian 8.5 with the backported kernel 4.5.0. I installed network-manager-strongswan from the jessie-backports.

The VPN uses no certificate and a pre-shared key as authentication. When I try to connect to the VPN, the password dialog of the network manager says: "Pre-shared key required to establish VPN connection (min. 20 characters):" As there is no way to provide the key in the strongswan network manager, I provided it in /etc/ipsec.secrets with the following line (I replaced the key by ***):

vpn.myprovider.com : PSK "***"

The pre-shared key, however, is only nine characters long. (I tried a fake key with a length of more than 20 characters, but this did not change anything.)

When restarting the ipsec service, I get some complaints about three missing plugins, but it seems that charon finally starts (see output from journalctl below).

Jun 14 17:20:57 TRILLIAN charon[12284]: 00[DMN] signal of type SIGTERM received. Shutting down
Jun 14 17:20:57 TRILLIAN ipsec_starter[12269]: charon stopped after 200 ms
Jun 14 17:20:57 TRILLIAN ipsec_starter[12269]: ipsec starter stopped
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 4.5.0-0.bpo.2-amd64, x86_64)
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[CFG] loaded IKE secret for vpn.myprovider.com
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default stroke updown
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[JOB] spawning 16 worker threads
Jun 14 17:20:57 TRILLIAN ipsec[12269]: 00[DMN] signal of type SIGTERM received. Shutting down
Jun 14 17:20:57 TRILLIAN ipsec[12269]: charon stopped after 200 ms
Jun 14 17:20:57 TRILLIAN ipsec[12269]: ipsec starter stopped
Jun 14 17:20:57 TRILLIAN ipsec_starter[12618]: Starting strongSwan 5.2.1 IPsec [starter]...
Jun 14 17:20:57 TRILLIAN ipsec[12618]: Starting strongSwan 5.2.1 IPsec [starter]...
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 4.5.0-0.bpo.2-amd64, x86_64)
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[CFG] loaded IKE secret for vpn.myprovider.com
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default stroke updown
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jun 14 17:20:57 TRILLIAN charon[12635]: 00[JOB] spawning 16 worker threads
Jun 14 17:20:57 TRILLIAN ipsec_starter[12618]: charon (12635) started after 40 ms
Jun 14 17:20:57 TRILLIAN ipsec[12618]: charon (12635) started after 40 ms
Jun 14 17:21:27 TRILLIAN NetworkManager[9963]: <error> [1465935687.034016] [vpn-manager/nm-vpn-connection.c:1778] get_secrets_cb(): Failed to request VPN secrets #3: (7) User canceled the secrets request.


With the entry in /etc/ipsec.secrets, the password dialog still says that the pre-shared key is required, and when I enter my password and try to log on, the dialog closes and reappears immediately.

Any help is greatly appreciated.
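
An added example (not part of the original post and not strongSwan code): a small auditor that reads ipsec.secrets-style text and reports the decoded length of each PSK entry against the 20-character minimum quoted in the dialog above, without ever printing the secret. The function names, the sample file content and its selectors are constructed for illustration; it handles the quoted, `0x` hex and `0s` base64 secret forms.

```python
import base64
import re

MIN_PSK_LEN = 20  # minimum quoted by the NetworkManager dialog in the post

# "<selectors> : PSK <secret>"; the separating ':' must follow whitespace or
# start the line, so IPv6 selectors such as 2001:db8::1 are not split.
PSK_LINE = re.compile(
    r'^\s*(?P<sel>.*?)\s*(?<!\S):\s+PSK\s+(?P<secret>"[^"]*"|\S+)')

def psk_length(token):
    """Return the length in bytes of a PSK token as written in the file."""
    if token.startswith('"'):
        return len(token[1:-1].encode())          # quoted string
    if token.startswith("0x"):
        return len(bytes.fromhex(token[2:]))      # hex-encoded key
    if token.startswith("0s"):
        return len(base64.b64decode(token[2:]))   # base64-encoded key
    return len(token.encode())                    # bare token, taken as-is

def audit_psks(text, minimum=MIN_PSK_LEN):
    """Yield (line number, selectors, key length, meets minimum) per PSK."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                              # skip comment lines
        m = PSK_LINE.match(line)
        if not m:
            continue                              # not a PSK entry (EAP, RSA, ...)
        n = psk_length(m.group("secret"))
        findings.append((lineno, m.group("sel") or "(any)", n, n >= minimum))
    return findings

# Constructed sample input, not the poster's real file.
SAMPLE = '''\
# constructed sample
vpn.myprovider.com : PSK "ninechars"
192.0.2.10 2001:db8::1 : PSK 0x000102030405060708090a0b0c0d0e0f10111213
: PSK 0sAAECAwQFBgcICQ==
alice : EAP "not-a-psk"
'''

if __name__ == "__main__":
    for lineno, sel, n, ok in audit_psks(SAMPLE):
        status = "ok" if ok else "SHORT"
        print(f"line {lineno}: {sel}: {n} bytes [{status}]")
```

To check a real file, pass its contents to `audit_psks()` from an account that is allowed to read it; only lengths and selectors are reported.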