<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Thank you Noel, It connected, Will update you once i finish the below tests<br><br>1. NAT test<br>2. Ping communication test<br>3. Split tunnel test<br>4. Android test<br>5. iphone test<br><br>Thank you,<br>s.s.arvindhar<br><br><br><br><div>> Date: Thu, 3 Jul 2014 13:39:48 +0200<br>> From: noel@familie-kuntze.de<br>> To: arvindhar@hotmail.com; users@lists.strongswan.org<br>> Subject: Re: [strongSwan] Strongswan on Kali linux<br>> <br>> -----BEGIN PGP SIGNED MESSAGE-----<br>> Hash: SHA1<br>> <br>> Hello Arvindhar,<br>> <br>> As I wrote before, you need to set aggressive=yes in conn %default or conn rw <br>> or make the Shrewsoft Client initiate in main mode, not aggressive mode.<br>> <br>> Regards,<br>> Noel Kuntze<br>> <br>> GPG Key id: 0x63EC6658<br>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>> <br>> Am 03.07.2014 13:37, schrieb Arvindhar Subbu:<br>> > Dear Noel,<br>> > <br>> > Please check below ipsec.conf data. Kindly let me know if you want to know more details.<br>> > <br>> > ***********ipsec.conf************************************************<br>> > # ipsec.conf - strongSwan IPsec configuration file<br>> > # basic configuration<br>> > config setup<br>> > conn %default<br>> > type=tunnel<br>> > ike=aes128-sha1-modp2048,3des-sha1-modp1536<br>> > ikelifetime=60m<br>> > keylife=20m<br>> > rekeymargin=3m<br>> > keyingtries=1<br>> > keyexchange=ikev1<br>> > esp=aes128-sha1,3des-sha1<br>> > mobike=yes<br>> > leftikeport=4500<br>> > rightikeport=4500<br>> > conn rw<br>> > left=11.12.13.15<br>> > leftcert=gatewayCert.pem<br>> > leftid=arvindhar@gmail.com<br>> > leftfirewall=yes<br>> > right=%any<br>> > rightsourceip=192.168.20.0/24<br>> > auto=add<br>> > <br>> > # strictcrlpolicy=yes<br>> > # uniqueids = no<br>> > # Add connections here.<br>> > # Sample VPN connections<br>> > # conn sample-self-signed<br>> > # leftsubnet=10.1.0.0/16<br>> > # leftcert=selfCert.der<br>> > # leftsendcert=never<br>> > # right=192.168.0.2<br>> > # rightsubnet=10.2.0.0/16<br>> > # rightcert=peerCert.der<br>> > # auto=start<br>> > #conn sample-with-ca-cert<br>> > # leftsubnet=10.1.0.0/16<br>> > # leftcert=myCert.pem<br>> > # right=192.168.0.2<br>> > # rightsubnet=10.2.0.0/16<br>> > # rightid="C=CH, O=Linux strongSwan CN=peer name"<br>> > # auto=start<br>> > <br>> > ***************************************************************************<br>> > <br>> > Thank you,<br>> > s.s.arvindhar<br>> > <br>> > <br>> >> Date: Thu, 3 Jul 2014 12:30:08 +0200<br>> >> From: noel@familie-kuntze.de<br>> >> To: users@lists.strongswan.org<br>> >> Subject: Re: [strongSwan] Strongswan on Kali linux<br>> >><br>> > Hello Arvindhar,<br>> > <br>> > You need to set aggressive=yes in the conn. Also, please show us your ipsec.conf.<br>> > <br>> > Regards,<br>> > Noel Kuntze<br>> > <br>> > GPG Key id: 0x63EC6658<br>> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>> > <br>> > Am 03.07.2014 11:58, schrieb Arvindhar Subbu:<br>> >> Hi,<br>> > <br>> >> Unable to connect to Strongswan server from Road warrior.<br>> > <br>> >> I'm following 2dd.it strongswan guide to deploy on kali linux as a server and windows 7 as a road warrior. Please help/clue to solve.<br>> > <br>> >> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8<br>> > <br>> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26<br>> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51<br>> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b<br>> >> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID<br>> >> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without data<br>> >> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a Aggressive Mode IKE_SA<br>> >> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, OU=IT, CN=MILEYCYRUS, E=arvindhar@gmail.com]<br>> >> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found<br>> >> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request 152362081 [ N(AUTH_FAILED) ]<br>> >> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from 11.12.13.15[500] to 11.12.13.18[500] (56 bytes)<br>> > <br>> >> Thank you,<br>> >> s.s.arvindhar<br>> > <br>> > <br>> >> _______________________________________________<br>> >> Users mailing list<br>> >> Users@lists.strongswan.org<br>> >> https://lists.strongswan.org/mailman/listinfo/users<br>> > <br>> >> _______________________________________________<br>> >> Users mailing list<br>> >> Users@lists.strongswan.org<br>> >> https://lists.strongswan.org/mailman/listinfo/users<br>> -----BEGIN PGP SIGNATURE-----<br>> Version: GnuPG v2<br>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/<br>> <br>> iQIcBAEBAgAGBQJTtUEEAAoJEDg5KY9j7GZYI5sP/AvALhv5guqaW5vb8NSMn18G<br>> QD/PN0AKcaYspK2IZkxDtATjCbKxH6ol5TLf7Gct0awnK5q7nZkWnj5YTeFnZ/jq<br>> 9HoD217LItBkPlyCS8Nha1a0aUmZnsYqbMOYtfnicIpvdlAdn9ZxalFQ5VIc0Its<br>> jrKjvXEqQasX0maKdG81AZvOIkPKOCVm2qWb5pOig0pCDtN4uWeRjSbsdsu8rK07<br>> WygpZj72BKI6M3jnxoEaoTHL6d6EsuPxxqFCefu/1e7jQmvRH77FqnmXKxHjLF+4<br>> GpELRGPtbZ0lsq7dVASi8/qKlvYEUEg4CcXA/uOOECvVrjqTvQksWlBm0CLB2Xd/<br>> L2yMIYiMLlllQx7w6NFvaVNNFdwDlf6K9m5m5xRuUeh+r0xvGLUlPe68aTp4K7+V<br>> nsdokOtez0YHJs1o0KE7dl//G8WVac+VDyXJaM9csaZz/HX9VBrOSsxGblIbsuG8<br>> YuweP1Jw3TtSGY7IdrA3xPeQU1bqGawc2ci4K14Go3cEjlkiUO55a2nMOLCgqkUL<br>> ZbWhzUQ9rRfcHY8g22H91O1PEnlyKAOKRUTA/lpisvb/B9HD+tLdYfFPRltOa+lj<br>> gtSv9NC5AsChWfnB/J5EXTrgxec2BaRKdtZImDay3fIHrDmuhhLG3Eu+4sfUAHhE<br>> gbBqTqENf+sqD5mRSs6t<br>> =jkdN<br>> -----END PGP SIGNATURE-----<br></div> </div></body>
</html>