Hi,<br><br>I trying since 2 weeks to get an strongswan 5.0.0 working. The Connection with Windows 7 works fine. Currently the Internet Connection is not working but i think thats a NAT-Forwarding Problem ;). <br><br>I use an RADIUS-Backend for Authentication and its working fine for Windows 7. But I canīt get it working for other Clients like iPhone, Android, Mac OS X or any other Windows Version than Windows 7.<br>
Specily with the iPhone he is "looking for XAuthInitPSK config" but then he shows "no peer config found" in the syslog entries.<br><br>I found the iPhone Tutorial on the strongswan wiki but this is not working for me because we have some hundreds of clients which need to work with a VPN-Connection and its not very <br>
convenient to place an cert & keyfile on every device.<br><br>So now my question:<br>1. Is there a way to get Android, iPhone, Mac OS X and older Windows Versions than Windows 7 working with an RADIUS without an cert&keyfile on every device ?. <br>
<br>Hereīs my current configuration:<br><br>## 1.2.3.4 --> Public IP<br>## 10.0.1.100 --> private IP on eth1<br><br>conn %default<br> #ikelifetime=60m<br> #keylife=20m<br> #rekeymargin=3m<br> #keyingtries=1<br>
#keyexchange=ike<br> mobike = yes<br><br>conn Windows7<br> keyexchange=ike<br> left=1.2.3.4 ## Place for eth0 Public IP<br> leftcert=/etc/ipsec.d/certs/cert.pem<br> leftsubnet=<a href="http://0.0.0.0/24">0.0.0.0/24</a><br>
leftauth=pubkey<br> leftfirewall=yes<br> right=%any<br> rightauth=eap-radius<br> rightsendcert=never<br> eap_identity=%identity<br> rightsourceip=<a href="http://10.0.1.101/30">10.0.1.101/30</a><br>
rightfirewall=yes<br> auto=add<br> <br>conn iPhone<br> keyexchange=ike<br> left=1.2.3.4 ## Place for eth0 Public IP<br> leftcert=/etc/ipsec.d/certs/cert.pem<br>
leftauth=pubkey<br> right=%any<br> rightsourceip=<a href="http://10.0.1.201/24">10.0.1.201/24</a><br> auto=add<br> rightauth=eap-xauth<br> eap_identity=%identity<br> <br> <br>
I compiled strongswan 5 with this ./configure Options:<br>./configure --prefix=/usr --sysconfdir=/etc --enable-xauth-eap --enable-eap-tls --enable-eap-radius --enable-eap-mschapv2 <br>--enable-eap-identity --enable-eap-md5 --enable-eap-peap --enable-eap-tls --enable-eap-ttls --enable-md4 --enable-dhcp <br>
--enable-farp --enable-kernel-klips --enable-kernel-pfkey<br><br>I hope you have some new ideas for me to get strongswan working.<br><br>Kind Regards<br>Steve<br>