<div dir="ltr"><div><div>Dear All,<br><br></div> I am trying to do IKEv2 EAP Username/password authentication between<span style="background-color:rgb(255,0,0)"><b><br></b></span>Dec 22 11:44:59 samsung-600<br><br></div><div>Client: Strongswan Android google play apk<br></div><div>Server: Strongswan server runningon my linux machine<br><br></div><div>Connection is failing with <br><span style="background-color:rgb(255,0,0)"><b>charon: 11[IKE] no shared key found for '10.0.0.35' - 'user1'<br><br></b></span></div><div><span style="background-color:rgb(255,0,0)"><b>Please find below the snapshot of my configuration files. Please let me know if I missed something.<br><br></b></span></div><div>ipsec.conf<br>---------------<br><br># ipsec.conf - strongSwan IPsec configuration file<br># basic configuration<br>config setup<br> # plutodebug=all<br> # crlcheckinterval=600<br> # strictcrlpolicy=yes<br> # cachecrls=yes<br> # nat_traversal=yes<br> charonstart=yes<br> plutostart=yes<br># Add connections here.<br>conn %default<br> ikelifetime=60m<br> keylife=20m<br> rekeymargin=3m<br> keyingtries=1<br> keyexchange=ikev2<br> authby=secret<br><br>conn ssandroid<br> left=10.0.0.35<br> leftfirewall=no<br> right=%any<br> rightsourceip = 10.0.0.2<br> rightauth=eap-mschapv2<br> rightsendcert=never<br> eap_identity=%any<br> auto=start<br><br></div><div>ipsec.secrets<br>-------------------<br>include /var/lib/strongswan/ipsec.secrets.inc<br> <br>user1:EAP "topsecretpassword"<br><br><br></div><div><u>Daemon log for this failure</u> i.e tail -f /var/log/syslog<br><br>c 22 11:44:58 samsung-600B4B-600B5B charon: 16[NET] received packet: from 10.0.0.29[59701] to 10.0.0.35[500]<br>Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) ]<br>Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[IKE] 10.0.0.29 is initiating an IKE_SA<br>Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[IKE] remote host is behind NAT<br>Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]<br>Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[NET] sending packet: from 10.0.0.35[500] to 10.0.0.29[59701]<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[NET] received packet: from 10.0.0.29[49704] to 10.0.0.35[4500]<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CP(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] received cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[CFG] looking for peer configs matching 10.0.0.35[%any]...10.0.0.29[user1]<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[CFG] selected peer config 'ssandroid'<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] initiating EAP-Identity request<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] peer supports MOBIKE<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] authentication of '10.0.0.35' (myself) with pre-shared key<br><span style="background-color:rgb(255,0,0)"><b>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] no shared key found for '10.0.0.35' - 'user1'<br></b></span>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]<br>Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[NET] sending packet: from 10.0.0.35[4500] to 10.0.0.29[49704]<br><br></div><div>Please help me resolve this issue.<br></div><div></div><div><div><div><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><font color="#666666">Regards,</font></div>
<div><font color="#666666">RaviKanth<br></font></div><br></div></div>
</div></div></div></div>