Phantom IPsec Entry

It appears that my software-based ASG (version 7.511) has a hidden IPsec entry configured in its database which cannot be managed from the WebAdmin user interface.

This is causing me problems, because the phantom entry is a respond-only PSK type with the key set to 1234. Since the ASG only allows a single PSK for respond-only mode to be defined on a per-platform basis, I am stuck with this weak key for any PSK-based VPN links that I want to set up.

I currently have no PSK-based Remote Gateways defined, but I do see PSK definitions in the running IPsec configuration file.

Is there any way to manually clear this bogus entry out of the database?

Fragment from /var/sec/chroot-ipsec/etc/ipsec.conf:

conn S_REF_hrrCgAPQDy_1
        left="***.***.***.***"
        leftprotoport="17/0"
        keyingtries="3"
        esp="3des-md5"
        authby="psk"
        ikelifetime="28800"
        keyexchange="ike"
        rekeymargin="540"
        pfs="no"
        keylife="3600"
        rightid="0.0.0.0"
        rekey="no"
        right="0.0.0.0"
        auto="add"
        leftupdown="/usr/libexec/ipsec/updown strict"
        compress="no"
        rightprotoport="17/%any"
        ike="3des-sha-modp2048"
        type="transport"
        rightsubnetwithin="0.0.0.0/0"


Fragment from /var/sec/chroot-ipsec/etc/ipsec.secrets:

***.***.***.*** %any : PSK 0sMTIzNA==

***.***.***.*** %any : PSK 0sMTIzNA==
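
An added example, not part of the original post: a small Python check that parses PSK lines in the ipsec.secrets format shown above, decodes the 0s (Base64) and 0x (hex) secret forms, and flags short keys and %any peers. The function names, the 20-byte minimum and the sample addresses are assumptions made for illustration.

```python
import base64
import re

# "<selectors> : PSK <secret>"; the secret is quoted or a bare token.
PSK_LINE = re.compile(r'^(?P<ids>[^#]*?)\s*:\s*PSK\s+(?P<secret>"[^"]*"|\S+)\s*$')
MIN_PSK_BYTES = 20  # assumed local policy threshold, not a vendor default

# Constructed sample; 192.0.2.1 and 198.51.100.7 are documentation addresses.
SAMPLE = '''\
# respond-only entry, same secret token as in the post
192.0.2.1 %any : PSK 0sMTIzNA==
192.0.2.1 198.51.100.7 : PSK "k3Vq8ZrT1xWm5LpN9cYb2HsD"
'''


def decode_secret(token):
    """Return raw key bytes for a quoted, 0s (Base64) or 0x (hex) secret."""
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return token[1:-1].encode()
    if token.startswith("0s"):
        return base64.b64decode(token[2:], validate=True)
    if token.startswith("0x"):
        return bytes.fromhex(token[2:])
    return token.encode()


def audit_secrets(text):
    """Return one finding per PSK line: line number, peers, key size, issues."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        match = PSK_LINE.match(raw.strip())  # comment lines never match
        if not match:
            continue
        peers = match.group("ids").split()
        try:
            key = decode_secret(match.group("secret"))
        except ValueError:  # bad Base64 (binascii.Error) or bad hex
            findings.append({"line": lineno, "peers": peers,
                             "key_bytes": None, "issues": ["undecodable secret"]})
            continue
        issues = []
        if len(key) < MIN_PSK_BYTES:
            issues.append("short key (%d bytes)" % len(key))
        if not peers or "%any" in peers:
            issues.append("secret applies to any peer")
        findings.append({"line": lineno, "peers": peers,
                         "key_bytes": len(key), "issues": issues})
    return findings
```

Calling `audit_secrets(SAMPLE)` reports the first entry with a 4-byte key and a wildcard peer, and the second entry with no issues.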

