Ipsec connection with PSK asks for private key

Question

I try to connect with strongswan client to a IPsec server with IKEv2 but I receive the following error:

charon[1423]: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No ]
charon[1423]: 09[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
charon[1423]: 09[IKE] no private key found for 'MY.LOCAL.IP'

I think I don't need a private key, because I only have a PSK and the other server doesn't know any public key of me.

My ipsec.conf:

# basic configuration

config setup
# strictcrlpolicy=yes
# uniqueids = no

# Add connections here.

conn testconn
    auto="start"
    compress="no"
    esp="aes256-sha2_256_96"
    ike="aes256-sha2_256-modp2048"
    ikelifetime="28800"
    keyexchange="ike"
    keylife="3600"
    left="MY.LOCAL.IP"
    leftsubnet="MY.LOCAL.IP/32"
    rekeymargin="540"
    right="IP.OF.THE.EXTERNAL.SERVER"
    rightauth="psk"
    rightsubnet="LOCAL.IP.OF.THE.EXTERNAL.SERVER/32"
    type="tunnel"

How can I config strongswan to use PSK only and no key authentification?

score 0 · Accepted Answer · answered Feb 02 '23 at 20:50

0

Both, leftauth and rightauth must be set to PSK

leftauth="psk"
rightauth="psk"

answered Feb 02 '23 at 20:50

HeScm

15
5

Ipsec connection with PSK asks for private key

1 Answers1