[strongSwan] IKEv2 EAP (username/password) authentication failing with strongswan server
Ravi Kanth Vanapalli
vvnrk.vanapalli at gmail.com
Mon Dec 22 17:47:51 CET 2014
Dear All,
I am trying to do IKEv2 EAP Username/password authentication between
Client: Strongswan Android google play apk
Server: Strongswan server running on my Linux machine
Connection is failing with
*charon: 11[IKE] no shared key found for '10.0.0.35' - 'user1'*
*Please find below the snapshot of my configuration files. Please let me
know if I missed something.*
ipsec.conf
---------------
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
    # plutodebug=all
    # crlcheckinterval=600
    # strictcrlpolicy=yes
    # cachecrls=yes
    # nat_traversal=yes
    charonstart=yes
    plutostart=yes
# Add connections here.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    authby=secret
conn ssandroid
    left=10.0.0.35
    leftfirewall=no
    right=%any
    rightsourceip = 10.0.0.2
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=start
ipsec.secrets
-------------------
include /var/lib/strongswan/ipsec.secrets.inc
user1:EAP "topsecretpassword"
*Daemon log for this failure*, i.e. tail -f /var/log/syslog
Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[NET] received packet: from 10.0.0.29[59701] to 10.0.0.35[500]
Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) ]
Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[IKE] 10.0.0.29 is initiating an IKE_SA
Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[IKE] remote host is behind NAT
Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Dec 22 11:44:58 samsung-600B4B-600B5B charon: 16[NET] sending packet: from 10.0.0.35[500] to 10.0.0.29[59701]
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[NET] received packet: from 10.0.0.29[49704] to 10.0.0.35[4500]
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CP(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] received cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[CFG] looking for peer configs matching 10.0.0.35[%any]...10.0.0.29[user1]
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[CFG] selected peer config 'ssandroid'
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] initiating EAP-Identity request
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] peer supports MOBIKE
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] authentication of '10.0.0.35' (myself) with pre-shared key
*Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[IKE] no shared key found for '10.0.0.35' - 'user1'*
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec 22 11:44:59 samsung-600B4B-600B5B charon: 11[NET] sending packet: from 10.0.0.35[4500] to 10.0.0.29[49704]
Please help me resolve this issue.
--
Regards,
RaviKanth
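
A lint that cross-checks the two files quoted in this post, added here as an example (not part of the original message and not strongSwan code). It reports connections whose local side resolves to pre-shared-key authentication, which is what the log line "authentication of '10.0.0.35' (myself) with pre-shared key" shows, while ipsec.secrets declares no PSK entry. Assumptions: left is the local end, leftauth falls back to authby when unset, and the function names are hypothetical.

```python
import re

# Subset of the options posted in the message above (indentation restored).
CONF = """\
conn %default
    keyexchange=ikev2
    authby=secret
conn ssandroid
    left=10.0.0.35
    right=%any
    rightauth=eap-mschapv2
    eap_identity=%any
"""
SECRETS = """\
include /var/lib/strongswan/ipsec.secrets.inc
user1:EAP "topsecretpassword"
"""
PSK_VALUES = {"secret", "psk"}

def parse_conns(text):
    """Return {conn: options} with conn %default merged into every conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head = re.match(r"(conn|config|ca)\s+(\S+)$", line)
        if head:
            current = conns.setdefault(head.group(2), {}) if head.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def secret_types(text):
    """Return the secret types (EAP, PSK, RSA, ...) declared in ipsec.secrets."""
    found = (re.match(r'[^:"#]*:\s*([A-Za-z]+)', l.strip()) for l in text.splitlines())
    return {m.group(1).upper() for m in found if m}

def check(conf_text, secrets_text):
    """Flag conns whose local (left) side needs a PSK that no secrets line provides."""
    types, findings = secret_types(secrets_text), []
    for name, opts in parse_conns(conf_text).items():
        # Assumption: left is the local side; leftauth falls back to authby.
        method = opts.get("leftauth") or opts.get("authby", "pubkey")
        if method in PSK_VALUES and "PSK" not in types:
            findings.append(f"conn {name}: local auth is PSK ({method}) but no PSK secret is defined")
    return findings

if __name__ == "__main__":
    print("\n".join(check(CONF, SECRETS)) or "no findings")
```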