[strongSwan] Strongswan on Kali linux

Arvindhar Subbu arvindhar at hotmail.com
Thu Jul 3 13:37:42 CEST 2014 

Dear Noel,

Please check below ipsec.conf data.  Kindly let me know if you want to know more details.

***********ipsec.conf************************************************
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
conn %default
    type=tunnel
    ike=aes128-sha1-modp2048,3des-sha1-modp1536
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    esp=aes128-sha1,3des-sha1
     mobike=yes
     leftikeport=4500
     rightikeport=4500
conn rw
    left=11.12.13.15
    leftcert=gatewayCert.pem
    leftid=arvindhar at gmail.com
 leftfirewall=yes
    right=%any
    rightsourceip=192.168.20.0/24
    auto=add

# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
# Sample VPN connections
# conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start
#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

***************************************************************************

Thank you,
s.s.arvindhar


> Date: Thu, 3 Jul 2014 12:30:08 +0200
> From: noel at familie-kuntze.de
> To: users at lists.strongswan.org
> Subject: Re: [strongSwan] Strongswan on Kali linux
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello Arvindhar,
> 
> You need to set aggressive=yes in the conn. Also, please show us your ipsec.conf.
> 
> Regards,
> Noel Kuntze
> 
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> Am 03.07.2014 11:58, schrieb Arvindhar Subbu:
> > Hi,
> > 
> > Unable to connect to Strongswan server from Road warrior.
> > 
> > I'm following 2dd.it strongswan guide to deploy on kali linux as a server and windows 7 as a road warrior.  Please help/clue to solve.
> > 
> > www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8
> > 
> > Jul  1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
> > Jul  1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
> > Jul  1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
> > Jul  1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID
> > Jul  1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without data
> > Jul  1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a Aggressive Mode IKE_SA
> > Jul  1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, OU=IT, CN=MILEYCYRUS, E=arvindhar at gmail.com]
> > Jul  1 12:00:12 vpneye charon: 13[IKE] no peer config found
> > Jul  1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request 152362081 [ N(AUTH_FAILED) ]
> > Jul  1 12:00:12 vpneye charon: 13[NET] sending packet: from 11.12.13.15[500] to 11.12.13.18[500] (56 bytes)
> > 
> > Thank you,
> > s.s.arvindhar
> > 
> > 
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
> > 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBAgAGBQJTtTCwAAoJEDg5KY9j7GZYtLsP/309h1e7G03Wh8dqQ9avUWNa
> xzDf3MEhdBWwTDwM0NfRVOTRMZpIfhtdsDEMOjfucIVpZ+ol0nkgL0dyQlthEu30
> TfFPsg3bmSnila0VnzDzGuZWndmDGtgTvKL9D9xOCt5/8gLu9owAELtNuC75vyM/
> xT5+ayQI+m2cg8rM/8znEKHJG5hRlpyqtDlOy3vkpDDdST3b+QTKFHF5FynGJ0L5
> RUwNCGqldDrpaMtjs6S/jHUKi9BcUcPa/mF6OtZNAcJdCb/04dIcTRF5aBb/qfe/
> tqKAYAGBOyzZOoUUTzlat2yUpe4mB2gvuxucts2LMKsPLb4mS4PLYP0XN/xiC9vJ
> EjgumEjnnpZx5zSwO9DK0F7UOXcWxC23U1Ei3KLmwqNDv6LgQAoJr8Zu8ZEVvfBD
> EmNucHejKsz72lJODUCEA/FpNmmEW++RQhc71CdJV+xnV4YyCuNYrXjf+TIpSNe6
> pUHR1T4NNTiBovWSRtbLQbsl8N4CuZnm+iqp5sqjA6dBCl/gQblgj7CUxgHvN2Ti
> PscRMBq0nkjTdxk44nOvnsbQE7ohNF7swxkOTc7OK5E2x/Os26ukYPCjSVH3DO6G
> umuvki3DpVdaufwN5gPoLz3bAyR4NIA5bApx0StHznhfNDzKO59VnqAc1eA5sBWn
> iqfBtrYxIsPo2kNlJpJ8
> =yp/9
> -----END PGP SIGNATURE-----
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140703/53e64f7e/attachment.html>

More information about the Users mailing list