[strongSwan] Strongswan on Kali linux

Noel Kuntze noel at familie-kuntze.de
Thu Jul 3 13:39:48 CEST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Arvindhar,

As I wrote before, you need to set aggressive=yes in conn %default or conn rw 
or make the Shrewsoft Client initiate in main mode, not aggressive mode.

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 03.07.2014 13:37, schrieb Arvindhar Subbu:
> Dear Noel,
> 
> Please check below ipsec.conf data.  Kindly let me know if you want to know more details.
> 
> ***********ipsec.conf************************************************
> # ipsec.conf - strongSwan IPsec configuration file
> # basic configuration
> config setup
> conn %default
>     type=tunnel
>     ike=aes128-sha1-modp2048,3des-sha1-modp1536
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     esp=aes128-sha1,3des-sha1
>      mobike=yes
>      leftikeport=4500
>      rightikeport=4500
> conn rw
>     left=11.12.13.15
>     leftcert=gatewayCert.pem
>     leftid=arvindhar at gmail.com
>  leftfirewall=yes
>     right=%any
>     rightsourceip=192.168.20.0/24
>     auto=add
> 
> # strictcrlpolicy=yes
> # uniqueids = no
> # Add connections here.
> # Sample VPN connections
> # conn sample-self-signed
> #      leftsubnet=10.1.0.0/16
> #      leftcert=selfCert.der
> #      leftsendcert=never
> #      right=192.168.0.2
> #      rightsubnet=10.2.0.0/16
> #      rightcert=peerCert.der
> #      auto=start
> #conn sample-with-ca-cert
> #      leftsubnet=10.1.0.0/16
> #      leftcert=myCert.pem
> #      right=192.168.0.2
> #      rightsubnet=10.2.0.0/16
> #      rightid="C=CH, O=Linux strongSwan CN=peer name"
> #      auto=start
> 
> ***************************************************************************
> 
> Thank you,
> s.s.arvindhar
> 
> 
>> Date: Thu, 3 Jul 2014 12:30:08 +0200
>> From: noel at familie-kuntze.de
>> To: users at lists.strongswan.org
>> Subject: Re: [strongSwan] Strongswan on Kali linux
>>
> Hello Arvindhar,
> 
> You need to set aggressive=yes in the conn. Also, please show us your ipsec.conf.
> 
> Regards,
> Noel Kuntze
> 
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> Am 03.07.2014 11:58, schrieb Arvindhar Subbu:
>> Hi,
> 
>> Unable to connect to Strongswan server from Road warrior.
> 
>> I'm following 2dd.it strongswan guide to deploy on kali linux as a server and windows 7 as a road warrior. Please help/clue to solve.
> 
>> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8
> 
>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
>> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID
>> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without data
>> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a Aggressive Mode IKE_SA
>> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, OU=IT, CN=MILEYCYRUS, E=arvindhar at gmail.com]
>> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found
>> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request 152362081 [ N(AUTH_FAILED) ]
>> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from 11.12.13.15[500] to 11.12.13.18[500] (56 bytes)
> 
>> Thank you,
>> s.s.arvindhar
> 
> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTtUEEAAoJEDg5KY9j7GZYI5sP/AvALhv5guqaW5vb8NSMn18G
QD/PN0AKcaYspK2IZkxDtATjCbKxH6ol5TLf7Gct0awnK5q7nZkWnj5YTeFnZ/jq
9HoD217LItBkPlyCS8Nha1a0aUmZnsYqbMOYtfnicIpvdlAdn9ZxalFQ5VIc0Its
jrKjvXEqQasX0maKdG81AZvOIkPKOCVm2qWb5pOig0pCDtN4uWeRjSbsdsu8rK07
WygpZj72BKI6M3jnxoEaoTHL6d6EsuPxxqFCefu/1e7jQmvRH77FqnmXKxHjLF+4
GpELRGPtbZ0lsq7dVASi8/qKlvYEUEg4CcXA/uOOECvVrjqTvQksWlBm0CLB2Xd/
L2yMIYiMLlllQx7w6NFvaVNNFdwDlf6K9m5m5xRuUeh+r0xvGLUlPe68aTp4K7+V
nsdokOtez0YHJs1o0KE7dl//G8WVac+VDyXJaM9csaZz/HX9VBrOSsxGblIbsuG8
YuweP1Jw3TtSGY7IdrA3xPeQU1bqGawc2ci4K14Go3cEjlkiUO55a2nMOLCgqkUL
ZbWhzUQ9rRfcHY8g22H91O1PEnlyKAOKRUTA/lpisvb/B9HD+tLdYfFPRltOa+lj
gtSv9NC5AsChWfnB/J5EXTrgxec2BaRKdtZImDay3fIHrDmuhhLG3Eu+4sfUAHhE
gbBqTqENf+sqD5mRSs6t
=jkdN
-----END PGP SIGNATURE-----

More information about the Users mailing list