Hi,

I need to build an ipsec tunnel between CheckPoint and FreeSwan. The policy of my communication partner forces me to use preshared keys.

If we try to negotiate the connection, the following messages show up in /var/log/messages:

    Nov 4 15:56:08 mail Pluto[2450]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload
    Nov 4 15:56:08 mail Pluto[2450]: "here-there" #8: responding to Main Mode
    Nov 4 15:56:08 mail Pluto[2450]: "here-there" #8: Can't authenticate: no preshared key. Attri
    Nov 4 15:56:08 mail Pluto[2450]: "here-there" #8: no acceptable Oakley Transform

with /etc/ipsec.conf like:

    # sample connection
    conn here-there
        # Left security gateway, subnet behind it, next hop toward right.
        type=tunnel
        authby=secret
        keylife=1440
        ikelifetime=6h
        keyexchange=ike
        auth=esp
        pfs=no
        leftid=@....
        left=www.xxx.yyy.zzz
        leftnexthop=www.xxx.yyy.zzx
        leftsubnet=192.168.1.0/24
        leftupdown=/usr/lib/ipsec/_updown.cust
        # Right security gateway, subnet behind it, next hop toward left.
        right=aaa.bbb.ccc.ddd
        rightupdown=/usr/lib/ipsec/_updown.cust
        rightid=@----
        rightsubnet=10.1.0.0/16
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=add
        keyingtries=1

and /etc/ipsec.secrets like:

    [...]
    # Must be same on both; generate on one and copy to the other.
    aaa.bbb.ccc.ddd www.xxx.yyy.zzz : PSK "Rumpelstielzchen"
    # RSA private key for this host, authenticating it to any other host
    # which knows the public part. Put ONLY the "pubkey" part into connection
    # descriptions on the other host(s); it need not be kept secret.
    : RSA {
    [...]
    }

What may go wrong? Any hints are welcome.

Yours sincerely
Thom

--
-------------------------------------------------------------------
bye bye (c) by Thom
| Thorsten Marquardt
| EMail: THOM@kaupp.chemie.uni-oldenburg.de
| Member of the pzt project.
| http://kaupp.chemie.uni-oldenburg.de/pzt
-------------------------------------------------------------------