
    found 1 matching config, but none allows pre-shared key authentication using Main Mode

    IPsec
    1 Posts 1 Posters 2.4k Views
      Gorf

      Howdy all. I have beaten my head against the wall on this all weekend and I cannot figure out what the issue is. I've got a libreswan instance in my AWS account set up pretty straightforwardly. I'm taking this one issue at a time, and all I want to do is get past the phase 1 negotiation. My pfSense config comes out looking like this:

      config setup
      	uniqueids = yes
      
      conn bypasslan
      	leftsubnet = 192.168.8.0/24
      	rightsubnet = 192.168.8.0/24
      	authby = never
      	type = passthrough
      	auto = route
      
      conn con1000
      	fragmentation = yes
      	keyexchange = ikev2
      	reauth = yes
      	forceencaps = no
      	mobike = no
      	rekey = yes
      	dpdaction = restart
      	dpddelay = 10s
      	dpdtimeout = 60s
      	auto = route
      	left = 73.109.32.142
      	right = 34.209.168.28
      	leftid = fqdn:whootis.hopto.org
      	ikelifetime = 28800s
      	ike = aes128-sha256-modp2048!
      	leftauth = psk
      	rightauth = psk
      	rightid = 34.209.168.28
      

      But when the session starts up, the system logs clearly show this error:

      Sep 4 08:56:09	charon		02[IKE] <6969> found 1 matching config, but none allows pre-shared key authentication using Main Mode
      Sep 4 08:56:09	charon		02[CFG] <6969> candidate "bypasslan", match: 1/1/24 (me/other/ike)
      Sep 4 08:56:09	charon		02[CFG] <6969> looking for pre-shared key peer configs matching 73.109.32.142...34.209.168.28[10.2.0.11]
      

      The config file clearly has "rightauth" and "leftauth" set to psk, and the PSK has the correct secret in it. I would love to tweak the config file on the firewall, but I don't know how to do that without having it get overwritten.

      Any thoughts?

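As an added troubleshooting example that is not part of the original post, nor pfSense or strongSwan code, the Python script below cross-checks the generated config against the three charon lines quoted above. Read together, those lines show two disagreements between what arrived on the wire and what the config expects: charon looked for a peer config matching 73.109.32.142...34.209.168.28 with the peer presenting identity 10.2.0.11 (the bracketed value), while con1000 has rightid = 34.209.168.28; and the failure names Main Mode, an IKEv1 exchange, while con1000 has keyexchange = ikev2. The only candidate charon considered was bypasslan, a passthrough entry with authby = never, which can never satisfy PSK authentication. The config and log text inside the script are quoted from the post (unrelated config keys omitted); the parsing, the finding codes and the comparison logic are the example's own assumptions, not strongSwan's.

```python
"""Cross-check a pfSense-generated strongSwan ipsec.conf against the charon
lines around "found N matching config, but none allows ... using ...".
Added troubleshooting example, not part of the forum post, pfSense or strongSwan:
config and log text are quoted from the post (unrelated config keys omitted);
the parsing and finding logic are this example's own."""
import re
from collections import namedtuple

IPSEC_CONF = """
conn bypasslan
    leftsubnet = 192.168.8.0/24
    rightsubnet = 192.168.8.0/24
    authby = never
    type = passthrough
    auto = route

conn con1000
    keyexchange = ikev2
    auto = route
    left = 73.109.32.142
    right = 34.209.168.28
    leftid = fqdn:whootis.hopto.org
    ike = aes128-sha256-modp2048!
    leftauth = psk
    rightauth = psk
    rightid = 34.209.168.28
"""
CHARON_LOG = """
Sep 4 08:56:09 charon 02[IKE] <6969> found 1 matching config, but none allows pre-shared key authentication using Main Mode
Sep 4 08:56:09 charon 02[CFG] <6969> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Sep 4 08:56:09 charon 02[CFG] <6969> looking for pre-shared key peer configs matching 73.109.32.142...34.209.168.28[10.2.0.11]
"""

# charon logs "me...other[other_id]": the bracketed value is the identity the peer presented.
LOOKUP_RE = re.compile(r"looking for (?P<auth>.+?) peer configs matching "
                       r"(?P<me>\S+?)\.\.\.(?P<other>[^\[\s]+)\[(?P<other_id>[^\]]+)\]")
FAILURE_RE = re.compile(r"found (?P<n>\d+) matching configs?, but none allows "
                        r"(?P<auth>.+?) authentication using (?P<mode>.+)$")
CANDIDATE_RE = re.compile(r'candidate "(?P<name>[^"]+)"')
IKEV1_MODES = ("Main Mode", "Aggressive Mode")   # charon names IKEv1 exchanges this way
ID_TYPE_RE = re.compile(r"^(fqdn|email|userfqdn|ipv4|ipv6|asn1dn|keyid|dns):")
Finding = namedtuple("Finding", "code conn detail")   # code: stable id for tests/alerting

def parse_ipsec_conf(text):
    """Return {"conn <name>": {key: value}} from ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():                 # an unindented line opens a section
            current = sections.setdefault(line, {})
            continue
        if current is None:
            raise ValueError(f"key outside any section: {line!r}")
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return sections

def parse_charon_log(text):
    """Extract the peer lookup, the candidate list and the failure line."""
    event = {"lookup": None, "failure": None, "candidates": []}
    for line in text.splitlines():
        if m := LOOKUP_RE.search(line):
            event["lookup"] = m.groupdict()
        elif m := FAILURE_RE.search(line.rstrip()):
            event["failure"] = m.groupdict()
        elif m := CANDIDATE_RE.search(line):
            event["candidates"].append(m.groupdict())
    return event

def analyse(conf_text, log_text):
    """Compare what charon saw on the wire with what the config expects."""
    conns = {n[5:]: kv for n, kv in parse_ipsec_conf(conf_text).items() if n.startswith("conn ")}
    event = parse_charon_log(log_text)
    lookup, failure = event["lookup"], event["failure"]
    if not (lookup and failure):
        return []
    seen = "ikev1" if failure["mode"] in IKEV1_MODES else failure["mode"].lower()
    findings = []
    for name, kv in conns.items():
        if kv.get("authby") == "never" or kv.get("right") not in (lookup["other"], "%any"):
            continue                                   # passthrough, or meant for another peer
        wanted = kv.get("keyexchange", "ike")          # strongSwan default "ike" accepts both
        if wanted != "ike" and wanted != seen:
            findings.append(Finding("ike_version_mismatch", name,
                f"keyexchange = {wanted}, but the peer negotiated {failure['mode']} ({seen})"))
        expected = ID_TYPE_RE.sub("", kv.get("rightid", kv["right"]))   # default rightid: address
        if expected != lookup["other_id"]:
            findings.append(Finding("peer_id_mismatch", name,
                f"rightid = {expected}, but the peer identified itself as {lookup['other_id']}"))
    names = [c["name"] for c in event["candidates"]]
    if not any(conns.get(c, {}).get("authby") != "never" for c in names):
        findings.append(Finding("no_auth_candidate", ",".join(names) or "-",
            f"only {names} matched the peer, and none of them authenticates (authby = never)"))
    return findings

if __name__ == "__main__":
    for f in analyse(IPSEC_CONF, CHARON_LOG):
        print(f"[{f.code}] {f.conn}: {f.detail}")
```

Run as a script it prints the three findings for the quoted data; the same functions accept any other generated config and the matching charon lines, so the check can be repeated after each config change rather than re-reading the log by eye.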
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.