[strongSwan] Strongswan on Kali linux
Noel Kuntze
noel at familie-kuntze.de
Thu Jul 3 13:39:48 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Arvindhar,
As I wrote before, you need to set aggressive=yes in conn %default or conn rw
or make the Shrewsoft Client initiate in main mode, not aggressive mode.
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 03.07.2014 13:37, schrieb Arvindhar Subbu:
> Dear Noel,
>
> Please check below ipsec.conf data. Kindly let me know if you want to know more details.
>
> ***********ipsec.conf************************************************
> # ipsec.conf - strongSwan IPsec configuration file
> # basic configuration
> config setup
> conn %default
> type=tunnel
> ike=aes128-sha1-modp2048,3des-sha1-modp1536
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev1
> esp=aes128-sha1,3des-sha1
> mobike=yes
> leftikeport=4500
> rightikeport=4500
> conn rw
> left=11.12.13.15
> leftcert=gatewayCert.pem
> leftid=arvindhar at gmail.com
> leftfirewall=yes
> right=%any
> rightsourceip=192.168.20.0/24
> auto=add
>
> # strictcrlpolicy=yes
> # uniqueids = no
> # Add connections here.
> # Sample VPN connections
> # conn sample-self-signed
> # leftsubnet=10.1.0.0/16
> # leftcert=selfCert.der
> # leftsendcert=never
> # right=192.168.0.2
> # rightsubnet=10.2.0.0/16
> # rightcert=peerCert.der
> # auto=start
> #conn sample-with-ca-cert
> # leftsubnet=10.1.0.0/16
> # leftcert=myCert.pem
> # right=192.168.0.2
> # rightsubnet=10.2.0.0/16
> # rightid="C=CH, O=Linux strongSwan CN=peer name"
> # auto=start
>
> ***************************************************************************
>
> Thank you,
> s.s.arvindhar
>
>
>> Date: Thu, 3 Jul 2014 12:30:08 +0200
>> From: noel at familie-kuntze.de
>> To: users at lists.strongswan.org
>> Subject: Re: [strongSwan] Strongswan on Kali linux
>>
> Hello Arvindhar,
>
> You need to set aggressive=yes in the conn. Also, please show us your ipsec.conf.
>
> Regards,
> Noel Kuntze
>
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 03.07.2014 11:58, schrieb Arvindhar Subbu:
>> Hi,
>
>> Unable to connect to Strongswan server from Road warrior.
>
>> I'm following 2dd.it strongswan guide to deploy on kali linux as a server and windows 7 as a road warrior. Please help/clue to solve.
>
>> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8
>
>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
>> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID
>> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without data
>> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a Aggressive Mode IKE_SA
>> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, OU=IT, CN=MILEYCYRUS, E=arvindhar at gmail.com]
>> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found
>> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request 152362081 [ N(AUTH_FAILED) ]
>> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from 11.12.13.15[500] to 11.12.13.18[500] (56 bytes)
>
>> Thank you,
>> s.s.arvindhar
>
>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTtUEEAAoJEDg5KY9j7GZYI5sP/AvALhv5guqaW5vb8NSMn18G
QD/PN0AKcaYspK2IZkxDtATjCbKxH6ol5TLf7Gct0awnK5q7nZkWnj5YTeFnZ/jq
9HoD217LItBkPlyCS8Nha1a0aUmZnsYqbMOYtfnicIpvdlAdn9ZxalFQ5VIc0Its
jrKjvXEqQasX0maKdG81AZvOIkPKOCVm2qWb5pOig0pCDtN4uWeRjSbsdsu8rK07
WygpZj72BKI6M3jnxoEaoTHL6d6EsuPxxqFCefu/1e7jQmvRH77FqnmXKxHjLF+4
GpELRGPtbZ0lsq7dVASi8/qKlvYEUEg4CcXA/uOOECvVrjqTvQksWlBm0CLB2Xd/
L2yMIYiMLlllQx7w6NFvaVNNFdwDlf6K9m5m5xRuUeh+r0xvGLUlPe68aTp4K7+V
nsdokOtez0YHJs1o0KE7dl//G8WVac+VDyXJaM9csaZz/HX9VBrOSsxGblIbsuG8
YuweP1Jw3TtSGY7IdrA3xPeQU1bqGawc2ci4K14Go3cEjlkiUO55a2nMOLCgqkUL
ZbWhzUQ9rRfcHY8g22H91O1PEnlyKAOKRUTA/lpisvb/B9HD+tLdYfFPRltOa+lj
gtSv9NC5AsChWfnB/J5EXTrgxec2BaRKdtZImDay3fIHrDmuhhLG3Eu+4sfUAHhE
gbBqTqENf+sqD5mRSs6t
=jkdN
-----END PGP SIGNATURE-----
More information about the Users
mailing list