<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Hello IL Ka,</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I followed these instructions here: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048">https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048</a></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">And installed the Cert using these steps to install the Certs in Windows:</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><pre class="gmail-code-pre gmail-command" style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;padding:1rem;font-size:14px;margin:1rem auto;width:745px;color:rgb(0,0,0);overflow:auto"><code style="box-sizing:border-box;background-color:transparent;border-radius:3px;color:rgb(58,58,58);line-height:22px;padding:0px;margin:0px"><ul class="gmail-prefixed" style="box-sizing:border-box;margin:0px;padding:0px;white-space:normal"><li class="gmail-line" style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px;list-style:disc outside none;white-space:pre;line-height:1.5">cat /etc/ipsec.d/cacerts/ca-cert.pem
</li></ul></code></pre><p style="box-sizing:border-box;margin:0px auto 22px;padding:0px;width:745px;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px">You'll see output similar to this:</p><pre class="gmail-code-pre" style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;padding:1rem;font-size:14px;margin:1rem auto;width:745px;color:rgb(0,0,0);overflow:auto"><code style="box-sizing:border-box;background-color:transparent;border-radius:3px;color:rgb(58,58,58);line-height:22px;padding:0px;margin:0px"><div class="gmail-secondary-code-label" title="Output" style="box-sizing:border-box;color:rgba(0,0,0,0.3);margin-bottom:4px">Output</div>-----BEGIN CERTIFICATE-----
MIIFQjCCAyqgAwIBAgIIFkQGvkH4ej0wDQYJKoZIhvcNAQEMBQAwPzELMAkGA1UE
. . .
EwbVLOXcNduWK2TPbk/+82GRMtjftran6hKbpKGghBVDPVFGFT6Z0OfubpkQ9RsQ
BayqOb/Q
-----END CERTIFICATE-----
</code></pre><p style="box-sizing:border-box;margin:0px auto 22px;padding:0px;width:745px;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px">Copy this output to your computer, including the <code style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;line-height:22px;font-size:15px;padding:3px">-----BEGIN CERTIFICATE-----</code> and <code style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;line-height:22px;font-size:15px;padding:3px">-----END CERTIFICATE-----</code> lines, and save it to a file with a recognizable name, such as <code style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;line-height:22px;font-size:15px;padding:3px">ca-cert.pem</code>. Ensure the file you create has the <code style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;line-height:22px;font-size:15px;padding:3px">.pem</code> extension.</p><p style="box-sizing:border-box;margin:0px auto 22px;padding:0px;width:745px;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px">Alternatively, <a href="https://www.digitalocean.com/community/tutorials/how-to-use-sftp-to-securely-transfer-files-with-a-remote-server" style="box-sizing:border-box;text-decoration-line:none;color:rgb(0,0,0);border-bottom:1px dotted rgb(0,0,0)">use SFTP to transfer the file to your computer</a>.</p><p style="box-sizing:border-box;margin:0px auto 22px;padding:0px;width:745px;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px">Once you have the <code style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;line-height:22px;font-size:15px;padding:3px">ca-cert.pem</code> file downloaded to your computer, you can set up the connection to the VPN.</p><h3 id="gmail-connecting-from-windows" style="box-sizing:border-box;margin:14px auto 
11px;padding:0px;letter-spacing:0.005em;font-size:22px;color:rgb(58,58,58);width:745px;font-family:proxima-nova,sans-serif">Connecting from Windows</h3><p style="box-sizing:border-box;margin:0px auto 22px;padding:0px;width:745px;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px">First, import the root certificate by following these steps:</p><ol style="box-sizing:border-box;margin-bottom:1.7rem;padding-left:2.5rem;width:745px;margin-left:auto;margin-right:auto;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px"><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">Press <code style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;line-height:22px;font-size:15px;padding:3px">WINDOWS+R</code> to bring up the <span style="box-sizing:border-box;font-weight:600">Run</span> dialog, and enter <code style="box-sizing:border-box;background-color:rgba(0,0,0,0.05);border-radius:3px;line-height:22px;font-size:15px;padding:3px">mmc.exe</code> to launch the Windows Management Console.</li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">From the <span style="box-sizing:border-box;font-weight:600">File</span> menu, navigate to <span style="box-sizing:border-box;font-weight:600">Add or Remove Snap-in</span>, select <span style="box-sizing:border-box;font-weight:600">Certificates</span> from the list of available snap-ins, and click <span style="box-sizing:border-box;font-weight:600">Add</span>.</li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">We want the VPN to work with any user, so select <span style="box-sizing:border-box;font-weight:600">Computer Account</span> and click <span style="box-sizing:border-box;font-weight:600">Next</span>.</li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">We're configuring things on the local computer, so select <span 
style="box-sizing:border-box;font-weight:600">Local Computer</span>, then click <span style="box-sizing:border-box;font-weight:600">Finish</span>.</li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px"><p class="gmail-growable" style="box-sizing:border-box;margin:0px;padding:0px;width:100%;display:inline">Under the <span style="box-sizing:border-box;font-weight:600">Console Root</span> node, expand the <span style="box-sizing:border-box;font-weight:600">Certificates (Local Computer)</span> entry, expand <span style="box-sizing:border-box;font-weight:600">Trusted Root Certification Authorities</span>, and then select the <span style="box-sizing:border-box;font-weight:600">Certificates</span> entry:<br style="box-sizing:border-box"><img src="https://assets.digitalocean.com/articles/ikevpn_ubuntu_1604/4PN0vT6.png" alt="Certificates view" style="box-sizing: border-box; display: block; height: auto; margin-left: auto; margin-right: auto; max-width: 100%; border: 2px solid rgb(229, 229, 229);"></p></li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px"><p style="box-sizing:border-box;margin:0px;padding:0px;display:inline">From the <span style="box-sizing:border-box;font-weight:600">Action</span> menu, select <span style="box-sizing:border-box;font-weight:600">All Tasks</span> and click <span style="box-sizing:border-box;font-weight:600">Import</span> to display the Certificate Import Wizard. Click <span style="box-sizing:border-box;font-weight:600">Next</span> to move past the introduction.</p></li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px"><p style="box-sizing:border-box;margin:0px;padding:0px;display:inline">On the <span style="box-sizing:border-box;font-weight:600">File to Import</span> screen, press the <span style="box-sizing:border-box;font-weight:600">Browse</span> button and select the certificate file that you've saved. 
Then click <span style="box-sizing:border-box;font-weight:600">Next</span>.</p></li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px"><p style="box-sizing:border-box;margin:0px;padding:0px;display:inline">Ensure that the <span style="box-sizing:border-box;font-weight:600">Certificate Store</span> is set to <span style="box-sizing:border-box;font-weight:600">Trusted Root Certification Authorities</span>, and click <span style="box-sizing:border-box;font-weight:600">Next</span>.</p></li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px"><p style="box-sizing:border-box;margin:0px;padding:0px;display:inline">Click <span style="box-sizing:border-box;font-weight:600">Finish</span> to import the certificate.</p></li></ol><p style="box-sizing:border-box;margin:0px auto 22px;padding:0px;width:745px;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px">Then configure the VPN with these steps:</p><ol style="box-sizing:border-box;margin-bottom:1.7rem;padding-left:2.5rem;width:745px;margin-left:auto;margin-right:auto;color:rgb(0,0,0);font-family:proxima-nova,sans-serif;font-size:16px"><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">Launch <span style="box-sizing:border-box;font-weight:600">Control Panel</span>, then navigate to the <span style="box-sizing:border-box;font-weight:600">Network and Sharing Center</span>.</li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">Click on <span style="box-sizing:border-box;font-weight:600">Set up a new connection or network</span>, then select <span style="box-sizing:border-box;font-weight:600">Connect to a workplace</span>.</li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">Select <span style="box-sizing:border-box;font-weight:600">Use my Internet connection (VPN)</span>.</li><li style="box-sizing:border-box;margin:0px 0px 0.8rem;padding:0px 0px 0px 4px">Enter the VPN 
server details. Enter the server's domain name or IP address in the <span style="box-sizing:border-box;font-weight:600">Internet address</span> field, then fill in <span style="box-sizing:border-box;font-weight:600">Destination name</span> with something that describes your VPN connection. Then click <span style="box-sizing:border-box;font-weight:600">Done</span>.</li></ol></div><div class="gmail_default" style="font-family:tahoma,sans-serif">Thanks</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 19, 2019 at 12:29 PM IL Ka <<a href="mailto:kazakevichilya@gmail.com">kazakevichilya@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>><span style="font-family:tahoma,sans-serif"> </span><span style="font-family:tahoma,sans-serif">EAP-Identity request configured, but not supported</span></div><div>try</div><div>"apt install libcharon-extra-plugins"</div><div><br></div><div>Did you install cert to your windows machine, btw? What error do you see on Windows side?</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 19, 2019 at 2:43 AM MOSES KARIUKI <<a href="mailto:kariukims@gmail.com" target="_blank">kariukims@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-family:tahoma,sans-serif">Dear Team,</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">I have been having long days trying to configure Strongswan on Ubuntu 18.04. 
I am not able to connect to the VPN from Windows 10 client, after following the instructions on this link : </div><div><font face="tahoma, sans-serif"><a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2</a></font><br></div><div><font face="tahoma, sans-serif">and setting up windows for modp_2048 following these instructions here :</font></div><div><font face="tahoma, sans-serif"><a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048</a><br></font></div><div><br></div></div></div></div></div></div></div></div>
</blockquote></div></div></div></div>
</blockquote></div>
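The certificate import and connection steps quoted in this thread can also be scripted, with a check that the file is the intended CA before it becomes a machine-wide trust anchor. The following is an added example, not part of any message in the thread or of the tutorial it quotes; the file path, fingerprint, server address and connection name are placeholders, and the IKEv2/EAP connection settings are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. All four values below are placeholders.
$PemPath        = "$env:USERPROFILE\Downloads\ca-cert.pem"    # assumed save location
$ExpectedSha256 = '<SHA-256 fingerprint read on the server>'  # placeholder; obtain on the server with:
#   openssl x509 -in /etc/ipsec.d/cacerts/ca-cert.pem -noout -fingerprint -sha256
$ServerAddress  = 'vpn.example.com'                           # placeholder
$ConnectionName = 'strongSwan IKEv2'                          # placeholder

# Load the PEM-encoded certificate (BEGIN/END CERTIFICATE lines included).
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PemPath)

# 1. Compare the SHA-256 fingerprint with the value read out-of-band on the server.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$actual   = -join ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 64 -or $actual -ne $expected) {
    throw "Fingerprint mismatch, refusing to import. File has: $actual"
}

# 2. Only a self-signed, currently valid CA certificate belongs in the Root store.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Not a CA certificate (basicConstraints CA flag missing).' }
if ($cert.Subject -ne $cert.Issuer)             { throw 'Not self-signed; this is not a root certificate.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is outside its validity period.' }

# 3. Import into Trusted Root Certification Authorities of the Local Computer,
#    the same store the mmc.exe steps select.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
try     { $store.Add($cert) }
finally { $store.Close() }

# 4. Confirm the store now holds it, by thumbprint.
if (-not (Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $cert.Thumbprint)) {
    throw 'Import did not persist.'
}

# 5. Create the connection for all users (assumed settings: IKEv2 with EAP).
Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress `
    -TunnelType Ikev2 -AuthenticationMethod Eap -EncryptionLevel Required -AllUserConnection
```

The script stops at the first failed check, so nothing is added to the Root store unless the fingerprint, CA flag, self-signature and validity period all pass.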