IPSec over L2TP: key derivation for pre-shared key failed

I set up a VPN to my Uni (using IPSec over L2TP) before using ~Ubuntu (GalliumOS), Strongswan, and NetworkManager, but this time I keep getting an error about my PSK, see this log output:



Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (244 bytes)
Jun 22 11:01:44 charon[6145]: received packet: from 141.2.54.193[500] to 192.168.1.65[500] (260 bytes)
Jun 22 11:01:44 charon[6145]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 22 11:01:44 charon[6145]: key derivation for pre-shared key failed
Jun 22 11:01:44 charon[6145]: generating INFORMATIONAL_V1 request 522813457 [ N(INVAL_KE) ]
Jun 22 11:01:44 charon[6145]: sending packet: from 192.168.1.65[500] to 141.2.54.193[500] (56 bytes)
Jun 22 11:01:44 charon[6145]: establishing connection '358cedab-07d4-49ed-9851-b622f8770710' failed
Jun 22 11:01:44 charon[6145]: Stopping strongSwan IPsec...


I know for certain that the pre-shared key I use is fine. I remember that last time a problem was related to the cyphers. I thus ran the ike-scan script from the "known issues" site of network-manager-l2tp and got the following output:



SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)


Accordingly, I specified:



  • Phase 1 Algorithms: 3des-sha1-modp1024

  • Phase 2 Algorithms: 3des-sha1

I believe the problem must lie somewhere here; any suggestions are greatly appreciated! (I am running Ubuntu, GalliumOS 2.1, 16.04, xenial, but that was the same when it worked)







  • You are getting an INVAL_KE error (i.e. invalid PSK). Are you sure the pre-shared key is correct?
    – luigi
    Jun 22 at 11:25










  • Ignore my response, I missed the part where you said you are sure that the PSK is correct. You could try using libreswan instead. You could do a 'sudo apt install libreswan' to switch to libreswan (and it will automatically uninstall strongswan).
    – luigi
    Jun 22 at 11:29










  • Thanks for the suggestion, that didn't change much though :(
    – sheß
    Jun 23 at 2:53










  • However, what (weirdly) did help was purging and reinstalling strongswan. I have no idea why and I didn't change any of the settings, but somehow that did the trick.
    – sheß
    Jun 23 at 2:57















asked Jun 22 at 9:19









sheß
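
An added example, not part of the original question or its comments: a small parser that turns the ike-scan `SA=(...)` lines quoted above into strongSwan-style Phase 1 proposal strings, so each transform the gateway accepted can be compared with what is configured. The group and hash tables beyond the values shown in the post, and the set of keywords treated as legacy, are assumptions of this example.

```python
import re

# IKEv1 DH group numbers -> strongSwan proposal keywords (assumed table;
# only groups 2, 19 and 20 appear in the post).
DH_GROUPS = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048",
             15: "modp3072", 16: "modp4096", 19: "ecp256", 20: "ecp384",
             21: "ecp521"}
# ike-scan hash names -> strongSwan keywords (only SHA1 appears in the post).
HASHES = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
          "SHA2-384": "sha384", "SHA2-512": "sha512"}
# Keywords this example flags as legacy; adjust to local policy.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}

# The three transforms from the post.
SAMPLE = """\
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
"""

def parse_sa(line):
    """Return the key/value attributes of one ike-scan SA line, or None."""
    # Greedy match: the body itself contains "LifeDuration(4)".
    m = re.search(r"SA=\((.*)\)", line)
    if not m:
        return None
    return dict(tok.split("=", 1) for tok in m.group(1).split() if "=" in tok)

def to_proposal(sa):
    """Build an enc-hash-group proposal string from parsed SA attributes."""
    enc = sa["Enc"].lower() + sa.get("KeyLength", "")
    group_no = int(sa["Group"].split(":")[0])   # "2:modp1024" or bare "19"
    try:
        return "-".join((enc, HASHES[sa["Hash"]], DH_GROUPS[group_no]))
    except KeyError as exc:
        raise ValueError(f"no mapping for {exc} in {sa}") from None

def proposals(text):
    """Proposal strings for every SA line in ike-scan output."""
    parsed = (parse_sa(line) for line in text.splitlines())
    return [to_proposal(sa) for sa in parsed if sa]

def legacy_parts(proposal):
    """Components of a proposal that are in the LEGACY set."""
    return [part for part in proposal.split("-") if part in LEGACY]

if __name__ == "__main__":
    for p in proposals(SAMPLE):
        print(p, "legacy:", legacy_parts(p) or "none")
```
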
