found 1 matching config, but none allows pre-shared key authentication using Main Mode
Gorf last edited by
Howdy all. I have beat my head against the wall on this all weekend and I cannot figure out what the issue is. I've got a libreswan instance in my AWS account set up pretty straightforwardly. I'm taking this one issue at a time, and all I want to do is get past the phase 1 negotiation. My pfSense config comes out looking like this:
```
config setup
	uniqueids = yes

conn bypasslan
	leftsubnet = 192.168.8.0/24
	rightsubnet = 192.168.8.0/24
	authby = never
	type = passthrough
	auto = route

conn con1000
	fragmentation = yes
	keyexchange = ikev2
	reauth = yes
	forceencaps = no
	mobike = no
	rekey = yes
	dpdaction = restart
	dpddelay = 10s
	dpdtimeout = 60s
	auto = route
	left = 126.96.36.199
	right = 188.8.131.52
	leftid = fqdn:whootis.hopto.org
	ikelifetime = 28800s
	ike = aes128-sha256-modp2048!
	leftauth = psk
	rightauth = psk
	rightid = 184.108.40.206
```
But when the session starts up, the system logs clearly show this error:
```
Sep 4 08:56:09 charon 02[IKE] <6969> found 1 matching config, but none allows pre-shared key authentication using Main Mode
Sep 4 08:56:09 charon 02[CFG] <6969> candidate "bypasslan", match: 1/1/24 (me/other/ike)
Sep 4 08:56:09 charon 02[CFG] <6969> looking for pre-shared key peer configs matching 220.127.116.11...18.104.22.168[10.2.0.11]
```
The config file clearly has "rightauth" and "leftauth" set to psk, and the PSK has the correct secret in it. I would love to tweak the config file on the firewall, but I don't know how to do that without having it get overwritten.
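The charon message quoted above names "Main Mode", which is the IKEv1 phase 1 exchange, while the generated `con1000` is restricted to `keyexchange = ikev2`. The script below is an added example, not part of the original post and not pfSense or strongSwan code: it parses an `ipsec.conf` laid out like the one in the post and a charon log line of that shape, and reports, for each `conn`, whether it could serve a PSK request in the logged IKE version. It is a deliberately reduced model of charon's peer-config selection (IKE version plus PSK auth only; the real matching of addresses, IDs and proposals is left out), the sample config and log line are constructed from the post, and the helper names are my own.

```python
"""Added example (not from the original post): a simplified model of how
strongSwan's charon decides which `conn` can serve an incoming IKE request.

Assumptions (not stated on the page): the parser handles only the
`conn <name>` / `key = value` layout of ipsec.conf shown in the post, and
the matching rule is reduced to two checks: the conn's `keyexchange` must
allow the IKE version the peer used (charon's default `ike` accepts both),
and the conn must authenticate with a PSK (`authby = psk|secret` or
`leftauth`/`rightauth` both `psk`). Real charon also matches addresses,
IDs and proposals; those checks are ignored here.
"""
import re

# Constructed input: the two conns from the post, one key per line.
SAMPLE_CONF = """\
config setup
	uniqueids = yes

conn bypasslan
	leftsubnet = 192.168.8.0/24
	rightsubnet = 192.168.8.0/24
	authby = never
	type = passthrough
	auto = route

conn con1000
	keyexchange = ikev2
	left = 126.96.36.199
	right = 188.8.131.52
	leftauth = psk
	rightauth = psk
	rightid = 184.108.40.206
"""

# Constructed log line in the shape of the one quoted in the post.
SAMPLE_LOG = ("Sep 4 08:56:09 charon 02[IKE] <6969> found 1 matching config, "
              "but none allows pre-shared key authentication using Main Mode")


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}} for every `conn` section (config setup is skipped)."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(config|conn)\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return conns


def ike_version_from_log(line):
    """Main Mode and Aggressive Mode are IKEv1 exchanges; IKE_SA_INIT/IKE_AUTH are IKEv2."""
    if "Main Mode" in line or "Aggressive Mode" in line:
        return 1
    if "IKE_SA_INIT" in line or "IKE_AUTH" in line:
        return 2
    return None


def allows_version(conn, version):
    """`keyexchange = ike` (the default) accepts either version; ikev1/ikev2 pin one."""
    kx = conn.get("keyexchange", "ike")
    return kx == "ike" or kx == f"ikev{version}"


def uses_psk(conn):
    """True when the conn authenticates with a pre-shared key on both sides."""
    if conn.get("authby", "") in ("psk", "secret"):
        return True
    return conn.get("leftauth") == "psk" and conn.get("rightauth") == "psk"


def explain_mismatch(conf_text, log_line):
    """Map each conn name to the reason it was or was not usable for the logged request."""
    version = ike_version_from_log(log_line)
    if version is None:
        raise ValueError("could not determine IKE version from log line")
    verdict = {}
    for name, conn in parse_ipsec_conf(conf_text).items():
        if not allows_version(conn, version):
            verdict[name] = f"keyexchange={conn['keyexchange']} does not accept IKEv{version}"
        elif not uses_psk(conn):
            verdict[name] = "matches IKE version but does not use PSK"
        else:
            verdict[name] = "usable"
    return verdict


if __name__ == "__main__":
    for name, reason in explain_mismatch(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"{name}: {reason}")
```

Run against the constructed input, `bypasslan` is the only conn that accepts an IKEv1 request at all (it has no `keyexchange` line), which is why charon lists it as the single candidate, and it is rejected for not using a PSK; `con1000` never enters the candidate list for a Main Mode request because it is pinned to IKEv2. Pointing the script at a real `/usr/local/etc/ipsec.conf` and a copied log line gives the same per-conn breakdown for other setups.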