[strongSwan] Strongswan -- win7 ikev2 problem

Saad Shafiq saad.shafiq at and-or.com
Mon Apr 28 11:59:36 CEST 2014


Thanks Martin...

I've tested again with no-luck

> Tried to remove your explicit load statement?
tested it w/o explicit load and charon loaded all modules
Apr 28 14:21:54 00[LIB] loaded plugins: charon curl ldap aes des rc2 sha1
sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7
pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc cmac
hmac attr kernel-netlink resolve *socket-default* farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius xauth-generic
xauth-eap dhcp unity
Apr 28 14:21:54 00[LIB] unable to load 6 plugin features (6 due to unmet
dependencies)

is it cause of load_modular default behavour (though i didn't add it in
strongswan.config)

> Do you have a socket plugin loaded?
socket-default plugin is loaded this time. I haven't compiled
socket-dynamic, but that shouldn't be a requirement as this should be
working on standard ports

> Are you using a sane thread pool size?
I didn't changed any config for thread count and I am testing a single
client scenario.. so all should be in default mode regarding threads..
right!

> The Windows Agile VPN client does not support pre-shared key
authentication. You'll need a server certificate, and install it or its CA
to the client machine.

I'll check this scenario with certificates and update...





*Saad Shafiq*Design Engineer | AND-OR Logic Islamabad<http://www.andorlogic.com>
Cell: +92-334-465-8747
Phone: +92-51-2612815 Ext: 220



On Mon, Apr 28, 2014 at 1:57 PM, Martin Willi <martin at strongswan.org> wrote:

> Hi,
>
> > Win7 hangs on verifying username and password and strongswan ipsec tunnel
> > stays in connecting mode but never goes up.
>
> >      rw_win7:   local:  [134.202.84.62] uses pre-shared key
> authentication
> >      rw_win7:   remote: uses EAP_MSCHAPV2 authentication with EAP
> identity
>
> The Windows Agile VPN client does not support pre-shared key
> authentication. You'll need a server certificate, and install it or its
> CA to the client machine. Refer to [1] for details.
>
> Regards
> Martin
>
> [1]https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140428/60a41730/attachment.html>


More information about the Users mailing list