<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I added that package and got further
this time:<br>
<br>
<blockquote type="cite">Jun 28 07:33:57 Z560 charon-nm: 13[IKE]
server requested EAP_IDENTITY (id 0x00), sending 'dhdurgee'<br>
Jun 28 07:33:57 Z560 charon-nm: 13[ENC] generating IKE_AUTH
request 2 [ EAP/RES/ID ]<br>
Jun 28 07:33:57 Z560 charon-nm: 13[NET] sending packet: from
192.168.1.114[47031] to 108.31.28.59[4500] (92 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 15[NET] received packet: from
108.31.28.59[4500] to 192.168.1.114[47031] (108 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 15[ENC] parsed IKE_AUTH response
2 [ EAP/REQ/MSCHAPV2 ]<br>
Jun 28 07:33:58 Z560 charon-nm: 15[IKE] server requested
EAP_MSCHAPV2 authentication (id 0xB0)<br>
Jun 28 07:33:58 Z560 charon-nm: 15[ENC] generating IKE_AUTH
request 3 [ EAP/RES/MSCHAPV2 ]<br>
Jun 28 07:33:58 Z560 charon-nm: 15[NET] sending packet: from
192.168.1.114[47031] to 108.31.28.59[4500] (140 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 01[NET] received packet: from
108.31.28.59[4500] to 192.168.1.114[47031] (140 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 01[ENC] parsed IKE_AUTH response
3 [ EAP/REQ/MSCHAPV2 ]<br>
Jun 28 07:33:58 Z560 charon-nm: 01[IKE] EAP-MS-CHAPv2 succeeded:
'Welcome2strongSwan'<br>
Jun 28 07:33:58 Z560 charon-nm: 01[ENC] generating IKE_AUTH
request 4 [ EAP/RES/MSCHAPV2 ]<br>
Jun 28 07:33:58 Z560 charon-nm: 01[NET] sending packet: from
192.168.1.114[47031] to 108.31.28.59[4500] (76 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 07[NET] received packet: from
108.31.28.59[4500] to 192.168.1.114[47031] (76 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 07[ENC] parsed IKE_AUTH response
4 [ EAP/SUCC ]<br>
Jun 28 07:33:58 Z560 charon-nm: 07[IKE] EAP method EAP_MSCHAPV2
succeeded, MSK established<br>
Jun 28 07:33:58 Z560 charon-nm: 07[IKE] authentication of
'dhdurgee' (myself) with EAP<br>
Jun 28 07:33:58 Z560 charon-nm: 07[ENC] generating IKE_AUTH
request 5 [ AUTH ]<br>
Jun 28 07:33:58 Z560 charon-nm: 07[NET] sending packet: from
192.168.1.114[47031] to 108.31.28.59[4500] (92 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 06[NET] received packet: from
108.31.28.59[4500] to 192.168.1.114[47031] (124 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 06[ENC] parsed IKE_AUTH response
5 [ AUTH N(MOBIKE_SUP) N(NO_ADD_ADDR) N(FAIL_CP_REQ)
N(TS_UNACCEPT) ]<br>
Jun 28 07:33:58 Z560 charon-nm: 06[IKE] authentication of
'durgeeenterprises.publicvm.com' with EAP successful<br>
Jun 28 07:33:58 Z560 charon-nm: 06[IKE] IKE_SA Durgee
Enterprises, LLC[1] established between
192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]<br>
Jun 28 07:33:58 Z560 charon-nm: 06[IKE] scheduling rekeying in
35606s<br>
Jun 28 07:33:58 Z560 charon-nm: 06[IKE] maximum IKE_SA lifetime
36206s<br>
Jun 28 07:33:58 Z560 charon-nm: 06[IKE] received
FAILED_CP_REQUIRED notify, no CHILD_SA built<br>
Jun 28 07:33:58 Z560 charon-nm: 06[IKE] failed to establish
CHILD_SA, keeping IKE_SA<br>
Jun 28 07:33:58 Z560 charon-nm: 06[IKE] peer supports MOBIKE<br>
Jun 28 07:33:58 Z560 charon-nm: 08[IKE] deleting IKE_SA Durgee
Enterprises, LLC[1] between
192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]<br>
Jun 28 07:33:58 Z560 charon-nm: 08[IKE] sending DELETE for
IKE_SA Durgee Enterprises, LLC[1]<br>
Jun 28 07:33:58 Z560 charon-nm: 08[ENC] generating INFORMATIONAL
request 6 [ D ]<br>
Jun 28 07:33:58 Z560 charon-nm: 08[NET] sending packet: from
192.168.1.114[47031] to 108.31.28.59[4500] (76 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 09[NET] received packet: from
108.31.28.59[4500] to 192.168.1.114[47031] (76 bytes)<br>
Jun 28 07:33:58 Z560 charon-nm: 09[ENC] parsed INFORMATIONAL
response 6 [ ]<br>
Jun 28 07:33:58 Z560 charon-nm: 09[IKE] IKE_SA deleted<br>
</blockquote>
<br>
Obviously I am still missing something or have a setting wrong.
Any suggestions?<br>
<br>
Dave<br>
<br>
</div>
<blockquote type="cite"
cite="mid:CWLP265MB4111E7D55BC876A985F4A3D0B9039@CWLP265MB4111.GBRP265.PROD.OUTLOOK.COM">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>
<div>
<p style="margin: 0px; font-size: 17px; line-height: normal;
caret-color: rgb(0, 0, 0)">
<span>Charles Fadipe wrote: Hi David,</span></p>
<p style="margin: 0px; font-size: 17px; line-height: normal;
caret-color: rgb(0, 0, 0)">
<span><br>
</span></p>
<p style="margin: 0px; font-size: 17px; line-height: normal;
caret-color: rgb(0, 0, 0)">
<span>Please confirm you have StrongSwann’s<span> <span> </span></span>eap-mschapv2
plugin installed.</span></p>
<p style="margin: 0px; font-size: 17px; line-height: normal;
caret-color: rgb(0, 0, 0)">
<span>If not try Installing,<span><span> </span></span>libcharon-extra-plugins
on your client.</span></p>
<div id="ms-outlook-mobile-signature">
<div style="font-size: 12pt; text-align: start; color:
black; font-family: Calibri, Arial, Helvetica,
sans-serif; line-height: 24px" dir="ltr">
<br>
</div>
<div style="font-size: 12pt; text-align: start; color:
black; font-family: Calibri, Arial, Helvetica,
sans-serif; line-height: 24px">
Kind Regards</div>
<div style="font-size: 12pt; text-align: start; color:
black; font-family: Calibri, Arial, Helvetica,
sans-serif; line-height: 24px">
<br>
</div>
<div style="text-align: start; caret-color: rgb(0, 0, 0);
color: rgb(0, 0, 0); font-family: -apple-system,
HelveticaNeue">
<div>
<div>
<div dir="ltr" style="color: black; font-size: 12pt;
font-family: Calibri, Arial, Helvetica,
sans-serif; line-height: 24px">
<div style="color: rgb(33, 33, 33); font-size:
11pt; font-family: Calibri, sans-serif; margin:
0px; line-height: 22px">
<span></span></div>
<span></span>
<p style="color: rgb(33, 33, 33); font-size: 11pt;
font-family: Calibri, sans-serif;
background-color: white; margin: 0px;
line-height: 22px">
<i>Charles Fadipe</i></p>
<div style="color: rgb(33, 33, 33); font-size:
11pt; font-family: Calibri, sans-serif;
background-color: white; margin: 0px;
line-height: 22px">
<i>Junior Penetration and Security Tester<br>
</i></div>
<div style="color: rgb(33, 33, 33); font-size:
11pt; font-family: Calibri, sans-serif;
background-color: white; margin: 0px;
line-height: 22px">
<i>University Information Services<br>
</i></div>
<p style="color: rgb(33, 33, 33); font-size: 11pt;
font-family: Calibri, sans-serif;
background-color: white; margin: 0px;
line-height: 22px">
<span style="margin: 0px"><i>University of
Cambridge</i> </span></p>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
<div> </div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri,
sans-serif"><b>From:</b> Users
<a class="moz-txt-link-rfc2396E" href="mailto:users-bounces@lists.strongswan.org"><users-bounces@lists.strongswan.org></a> on behalf of
David H Durgee <a class="moz-txt-link-rfc2396E" href="mailto:dhdurgee@verizon.net"><dhdurgee@verizon.net></a><br>
<b>Sent:</b> Sunday, June 27, 2021 10:42 pm<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a><br>
<b>Subject:</b> [strongSwan] problem connecting linux
laptop to VPN using network-manager-strongswan 1.4.5-2.1
<div> </div>
</font></div>
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style><font
size="2"><span style="font-size:11pt;">
<div class="PlainText">I am encountering a problem
attempting to access a VPN using strongswan
<br>
from my linux laptop. I have it working from an android
phone and <br>
tablet as well as a windows laptop, so I know the server
is configured <br>
properly.<br>
<br>
The connection appears to start normally and then fails
at the EAP <br>
stage. Log on the linux laptop shows:<br>
<br>
> Jun 27 17:05:15 Z560 charon-nm: 06[IKE]
authentication of <br>
> 'durgeeenterprises.publicvm.com' with
RSA_EMSA_PKCS1_SHA2_384 successful<br>
> Jun 27 17:05:15 Z560 charon-nm: 06[IKE] server
requested EAP_IDENTITY <br>
> (id 0x00), sending 'dhdurgee'<br>
> Jun 27 17:05:15 Z560 charon-nm: 06[IKE]
EAP_IDENTITY not supported, <br>
> sending EAP_NAK<br>
> Jun 27 17:05:15 Z560 charon-nm: 06[ENC] generating
IKE_AUTH request 2 <br>
> [ EAP/RES/NAK ]<br>
> Jun 27 17:05:15 Z560 charon-nm: 06[NET] sending
packet: from <br>
> 192.168.1.114[60298] to 108.31.28.59[4500] (76
bytes)<br>
> Jun 27 17:05:15 Z560 charon-nm: 09[NET] received
packet: from <br>
> 108.31.28.59[4500] to 192.168.1.114[60298] (76
bytes)<br>
> Jun 27 17:05:15 Z560 charon-nm: 09[ENC] parsed
IKE_AUTH response 2 [ <br>
> EAP/FAIL ]<br>
> Jun 27 17:05:15 Z560 charon-nm: 09[IKE] received
EAP_FAILURE, EAP <br>
> authentication failed<br>
> Jun 27 17:05:15 Z560 charon-nm: 09[ENC] generating
INFORMATIONAL <br>
> request 3 [ N(AUTH_FAILED) ]<br>
> Jun 27 17:05:15 Z560 charon-nm: 09[NET] sending
packet: from <br>
> 192.168.1.114[60298] to 108.31.28.59[4500] (76
bytes)<br>
<br>
While on the server end I see:<br>
<br>
> Jun 27 17:05:15 DG41TY charon: 06[CFG] looking for
peer configs <br>
> matching
192.168.80.11[%any]...172.58.187.218[dhdurgee]<br>
> Jun 27 17:05:15 DG41TY charon: 06[CFG] selected
peer config 'ikev2-vpn'<br>
> Jun 27 17:05:15 DG41TY charon: 06[IKE] initiating
EAP_IDENTITY method <br>
> (id 0x00)<br>
> Jun 27 17:05:15 DG41TY charon: 06[IKE] peer
supports MOBIKE<br>
> Jun 27 17:05:15 DG41TY charon: 06[IKE]
authentication of <br>
> 'durgeeenterprises.publicvm.com' (myself) with
RSA_EMSA_PKCS1_SHA384 <br>
> successful<br>
> Jun 27 17:05:15 DG41TY charon: 06[IKE] sending end
entity cert "C=US, <br>
> O=Durgee Enterprises LLC,
CN=durgeeenterprises.publicvm.com"<br>
> Jun 27 17:05:15 DG41TY charon: 06[ENC] generating
IKE_AUTH response 1 <br>
> [ IDr CERT AUTH EAP/REQ/ID ]<br>
> Jun 27 17:05:15 DG41TY charon: 06[ENC] splitting
IKE message with <br>
> length of 2092 bytes into 5 fragments<br>
> Jun 27 17:05:15 DG41TY charon: 06[ENC] generating
IKE_AUTH response 1 <br>
> [ EF(1/5) ]<br>
> Jun 27 17:05:15 DG41TY charon: 06[ENC] generating
IKE_AUTH response 1 <br>
> [ EF(2/5) ]<br>
> Jun 27 17:05:15 DG41TY charon: 06[ENC] generating
IKE_AUTH response 1 <br>
> [ EF(3/5) ]<br>
> Jun 27 17:05:15 DG41TY charon: 06[ENC] generating
IKE_AUTH response 1 <br>
> [ EF(4/5) ]<br>
> Jun 27 17:05:15 DG41TY charon: 06[ENC] generating
IKE_AUTH response 1 <br>
> [ EF(5/5) ]<br>
> Jun 27 17:05:15 DG41TY charon: 06[NET] sending
packet: from <br>
> 192.168.80.11[4500] to 172.58.187.218[54591] (544
bytes)<br>
> Jun 27 17:05:15 DG41TY charon: message repeated 3
times: [ 06[NET] <br>
> sending packet: from 192.168.80.11[4500] to
172.58.187.218[54591] (544 <br>
> bytes)]<br>
> Jun 27 17:05:15 DG41TY charon: 06[NET] sending
packet: from <br>
> 192.168.80.11[4500] to 172.58.187.218[54591] (176
bytes)<br>
> Jun 27 17:05:15 DG41TY charon: 05[NET] received
packet: from <br>
> 172.58.187.218[54591] to 192.168.80.11[4500] (76
bytes)<br>
> Jun 27 17:05:15 DG41TY charon: 05[ENC] parsed
IKE_AUTH request 2 [ <br>
> EAP/RES/NAK ]<br>
> Jun 27 17:05:15 DG41TY charon: 05[IKE] received
EAP_NAK, sending <br>
> EAP_FAILURE<br>
> Jun 27 17:05:15 DG41TY charon: 05[ENC] generating
IKE_AUTH response 2 <br>
> [ EAP/FAIL ]<br>
> Jun 27 17:05:15 DG41TY charon: 05[NET] sending
packet: from <br>
> 192.168.80.11[4500] to 172.58.187.218[54591] (76
bytes)<br>
<br>
What am I doing wrong here? I assume I have an error in
the linux <br>
client configuration, since android and windows clients
work with the <br>
server. What did I miss?<br>
<br>
Dave<br>
<br>
</div>
</span></font></div>
</div>
</blockquote>
<br>
</body>
</html>