[strongSwan] eap-mschapv2 is just working with one Windows 7

Hamid Zamani if.else.fi at gmail.com
Mon Aug 27 10:45:20 CEST 2012


Also i should say that the windows is ultimate 64-bit ( build  7601 ) and i
used this  http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq
completely in my setup.

if it is needed i can send ipsec.conf and ...

Thank you

On Mon, Aug 27, 2012 at 1:01 PM, Hamid Zamani <if.else.fi at gmail.com> wrote:

> Hello ,
>
> I've configured a debian os with strongswan 5.0.0 and anything is good so
> i can connect to that with my pc (windows 7-64bit)
> but there is no way to connect to server with other PCs and windows ...
>
> and the common error is :  " ike authentication credentials are
> unacceptable"
>
> and the daemon.log says me :
>
> Aug 27 04:28:15 HAMID charon: 15[NET] received packet: from
> xxx.xxx.xxx.xxx[956] to yyy.yyy.yyy.yyy[500]
> Aug 27 04:28:15  HAMID  charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA
> KE No N(NATD_S_IP) N(NATD_D_IP) ]
> Aug 27 04:28:15  HAMID  charon: 15[IKE]  xxx.xxx.xxx.xxx[  is initiating
> an IKE_SA
> Aug 27 04:28:15  HAMID  charon: 15[IKE] remote host is behind NAT
> Aug 27 04:28:15  HAMID  charon: 15[ENC] generating IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> Aug 27 04:28:15  HAMID  charon: 15[NET] sending packet: from
> yyy.yyy.yyy.yyy [500] to  xxx.xxx.xxx.xxx [956]
> Aug 27 04:28:16  HAMID  charon: 03[NET] received packet: from
> xxx.xxx.xxx.xxx [53196] to  yyy.yyy.yyy.yyy [4500]
> Aug 27 04:28:16  HAMID  charon: 03[ENC] parsed IKE_AUTH request 1 [ IDi
> CERTREQ N(MOBIKE_SUP) CP(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
> Aug 27 04:28:16  HAMID  charon: 03[IKE] received cert request for "C=..."
> Aug 27 04:28:16  HAMID  charon: 03[IKE] received 11 cert requests for an
> unknown ca
> Aug 27 04:28:16  HAMID  charon: 03[CFG] looking for peer configs matching
> yyy.yyy.yyy.yyy [%any]... xxx.xxx.xxx.xxx [192.168.245.132]
> Aug 27 04:28:16  HAMID  charon: 03[CFG] selected peer config 'rw-eap'
> Aug 27 04:28:16  HAMID  charon: 03[IKE] initiating EAP_IDENTITY method (id
> 0x00)
> Aug 27 04:28:16  HAMID  charon: 03[IKE] peer supports MOBIKE
> Aug 27 04:28:16  HAMID  charon: 03[IKE] authentication of 'C=...' (myself)
> with RSA signature successful
> Aug 27 04:28:16  HAMID  charon: 03[IKE] sending end entity cert "C=..."
> Aug 27 04:28:16  HAMID  charon: 03[ENC] generating IKE_AUTH response 1 [
> IDr CERT AUTH EAP/REQ/ID ]
> Aug 27 04:28:16  HAMID  charon: 03[NET] sending packet: from
> yyy.yyy.yyy.yyy [4500] to  xxx.xxx.xxx.xxx [53196]
>
> what is the exac problem you think ?
>
> i sould also append that it is also happenning with ikev2(rsasig) .
>
> Thank you so much
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120827/9f4a4ff4/attachment.html>


More information about the Users mailing list