IPSec over L2TP: key derivation for pre-shared key failed

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)




networkmanager vpn ipsec l2tp




share|improve this question



















  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57















up vote
0
down vote

favorite












I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)




networkmanager vpn ipsec l2tp




share|improve this question



















  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)




networkmanager vpn ipsec l2tp




share|improve this question











I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubunutu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here any suggestions is greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)





networkmanager vpn ipsec l2tp





share|improve this question










share|improve this question




share|improve this question









asked Jun 22 at 9:19









sheß

1013




1013











  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57

















  • You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
    – luigi
    Jun 22 at 11:29










  • thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
    – sheß
    Jun 23 at 2:57
















You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
– luigi
Jun 22 at 11:25




You are getting an INVAL_KE error (i.e invalid PSK). Are you sure the pre-shared key is correct?
– luigi
Jun 22 at 11:25












ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
– luigi
Jun 22 at 11:29




ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan)
– luigi
Jun 22 at 11:29












thanks for the suggestion, that didn't change much though :(
– sheß
Jun 23 at 2:53




thanks for the suggestion, that didn't change much though :(
– sheß
Jun 23 at 2:53












However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
– sheß
Jun 23 at 2:57





However, what (weirdly did help) was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings. but somehow that did the trick
– sheß
Jun 23 at 2:57
















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451255%2fipsec-over-l2tp-key-derivation-for-pre-shared-key-failed%23new-answer', 'question_page');

);

Post as a guest






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes










 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451255%2fipsec-over-l2tp-key-derivation-for-pre-shared-key-failed%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this questi...
Read more

Christian Cage

Image
Christian Cage Christian in March 2015 Birth name William Jason Reso Born ( 1973-11-30 ) November 30, 1973 (age 45) Kitchener, Ontario, Canada Residence Tampa, Florida, United States Spouse(s) Denise Hartmann ( m.   2001 ) Children 1 Professional wrestling career Ring name(s) Christian [1] Christian Cage [2] Conquistador Dos [3] Male Nurse [4] Billed height 6 ft 1 in (1.85 m) [1] Billed weight 212 lb (96 kg) [1] Billed from Tampa, Florida (WM18, TNA) Toronto, Ontario, Canada [1] Trained by Dory Funk Jr. [2] Ron Hutchison [5] Debut 1995 [5] Retired 2014 [6] William Jason Reso (born November 30, 1973) is a Canadian actor, podcaster and retired professional wrestler best known for his time in WWE under the ring name Christian , a shortened version of his original ring name Christian Cage that was also used during his tenure in Total Nonstop Action Wrestling (TNA). Reso was trained by former professional wrestlers Ron Hutchison and Dory Funk Jr. and m...
Read more

How to properly install USB display driver for Fresco Logic FL2000DX on Ubuntu?

Image
Clash Royale CLAN TAG #URR8PPP up vote 4 down vote favorite 1 I need to connect additional monitors on my computer and I get Fresco Logic FL2000DX USB display adapters. This adapters works perfect on Windows but I need to use on my development machine based on Ubuntu 16.04. I find this on git hub: https://github.com/fresco-fl2000/fl2000 and try to install it but installation fail. Can anyone help me regarding this? Thanks! ubuntu drivers display-settings proprietary-drivers share | improve this question asked Aug 16 '17 at 16:42 Ivijan Stefan Stipić 142 1 6 add a comment  |  up vote 4 down vote favorite 1 I need to connect additional monitors on my computer and I get Fresco Logic FL2000DX USB display adapters. This adapters works perfect on Windows but I need to use on my development machine based on Ubuntu 16.04. I find this on git hub: https://github.com/fresco-fl2000/fl2000 and ...
Read more