I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04 .
I'm just experimenting on a couple of internal systems since I'm new to this.
Output:
root@ip-10-1-1-4:/etc# ipsec auto --up L2TP-PSK
104 "L2TP-PSK" #10: STATE_MAIN_I1: initiate
003 "L2TP-PSK" #10: received Vendor ID payload [Openswan (this version) 2.6.38 ]
003 "L2TP-PSK" #10: received Vendor ID payload [Dead Peer Detection]
003 "L2TP-PSK" #10: received Vendor ID payload [RFC 3947] method set to=115
003 "L2TP-PSK" #10: Can't authenticate: no preshared key found for `10.1.1.4' and `10.1.1.36'. Attribute OAKLEY_AUTHENTICATION_METHOD
003 "L2TP-PSK" #10: no acceptable Oakley Transform
214 "L2TP-PSK" #10: STATE_MAIN_I1: NO_PROPOSAL_CHOSEN
Server:
10.1.1.36 %any : PSK "69EA16F2C529E74A7D1B0FE99E69F6BDCD3E44"
Client:
%any 10.1.1.36 : PSK "69EA16F2C529E74A7D1B0FE99E69F6BDCD3E44"
I know that it doesn't necessarily matter which sides of the conversation are actually designated as "left" and "right" since it's detected automatically and I don't know if/how these relate to which of the two addresses is which in the two lines above. However, I've tried switching both values and using all IPs (so that there are no "%any" values). I'm also not sure which side of the conversation is originating the complaint.
Can someone with more experience give me a hint about where to do from here :) ?
Thanks. This is, of course, a little obscure for a newcomer.
