IPSec over L2TP: key derivation for pre-shared key failed

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)







share|improve this question



















  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57















up vote
0
down vote

favorite












I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)







share|improve this question



















  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)







share|improve this question











I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)









share|improve this question










share|improve this question




share|improve this question









asked Jun 22 at 9:19









sheß

1013




1013











  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57

















  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57
















You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
– luigi
Jun 22 at 11:25




You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
– luigi
Jun 22 at 11:25












ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
– luigi
Jun 22 at 11:29




ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
– luigi
Jun 22 at 11:29












thanks for the suggestion, that didn't change much though :(
– sheß
Jun 23 at 2:53




thanks for the suggestion, that didn't change much though :(
– sheß
Jun 23 at 2:53












However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
– sheß
Jun 23 at 2:57





However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
– sheß
Jun 23 at 2:57
















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451255%2fipsec-over-l2tp-key-derivation-for-pre-shared-key-failed%23new-answer', 'question_page');

);

Post as a guest



































active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes










 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451255%2fipsec-over-l2tp-key-derivation-for-pre-shared-key-failed%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?