[strongSwan] Strongswan on Kali linux

Arvindhar Subbu arvindhar at hotmail.com
Thu Jul 3 14:22:43 CEST 2014


I changed to Main mode in client.

Thank you,
s.s.arvindhar

From: arvindhar at hotmail.com
To: noel at familie-kuntze.de; users at lists.strongswan.org
Subject: RE: [strongSwan] Strongswan on Kali linux
Date: Thu, 3 Jul 2014 12:21:53 +0000




Thank you Noel, It connected, Will update you once i finish the below tests

1. NAT test
2. Ping communication test
3. Split tunnel test
4. Android test
5. iphone test

Thank you,
s.s.arvindhar



> Date: Thu, 3 Jul 2014 13:39:48 +0200
> From: noel at familie-kuntze.de
> To: arvindhar at hotmail.com; users at lists.strongswan.org
> Subject: Re: [strongSwan] Strongswan on Kali linux
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello Arvindhar,
> 
> As I wrote before, you need to set aggressive=yes in conn %default or conn rw 
> or make the Shrewsoft Client initiate in main mode, not aggressive mode.
> 
> Regards,
> Noel Kuntze
> 
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> Am 03.07.2014 13:37, schrieb Arvindhar Subbu:
> > Dear Noel,
> > 
> > Please check below ipsec.conf data.  Kindly let me know if you want to know more details.
> > 
> > ***********ipsec.conf************************************************
> > # ipsec.conf - strongSwan IPsec configuration file
> > # basic configuration
> > config setup
> > conn %default
> >     type=tunnel
> >     ike=aes128-sha1-modp2048,3des-sha1-modp1536
> >     ikelifetime=60m
> >     keylife=20m
> >     rekeymargin=3m
> >     keyingtries=1
> >     keyexchange=ikev1
> >     esp=aes128-sha1,3des-sha1
> >      mobike=yes
> >      leftikeport=4500
> >      rightikeport=4500
> > conn rw
> >     left=11.12.13.15
> >     leftcert=gatewayCert.pem
> >     leftid=arvindhar at gmail.com
> >  leftfirewall=yes
> >     right=%any
> >     rightsourceip=192.168.20.0/24
> >     auto=add
> > 
> > # strictcrlpolicy=yes
> > # uniqueids = no
> > # Add connections here.
> > # Sample VPN connections
> > # conn sample-self-signed
> > #      leftsubnet=10.1.0.0/16
> > #      leftcert=selfCert.der
> > #      leftsendcert=never
> > #      right=192.168.0.2
> > #      rightsubnet=10.2.0.0/16
> > #      rightcert=peerCert.der
> > #      auto=start
> > #conn sample-with-ca-cert
> > #      leftsubnet=10.1.0.0/16
> > #      leftcert=myCert.pem
> > #      right=192.168.0.2
> > #      rightsubnet=10.2.0.0/16
> > #      rightid="C=CH, O=Linux strongSwan CN=peer name"
> > #      auto=start
> > 
> > ***************************************************************************
> > 
> > Thank you,
> > s.s.arvindhar
> > 
> > 
> >> Date: Thu, 3 Jul 2014 12:30:08 +0200
> >> From: noel at familie-kuntze.de
> >> To: users at lists.strongswan.org
> >> Subject: Re: [strongSwan] Strongswan on Kali linux
> >>
> > Hello Arvindhar,
> > 
> > You need to set aggressive=yes in the conn. Also, please show us your ipsec.conf.
> > 
> > Regards,
> > Noel Kuntze
> > 
> > GPG Key id: 0x63EC6658
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> > 
> > Am 03.07.2014 11:58, schrieb Arvindhar Subbu:
> >> Hi,
> > 
> >> Unable to connect to Strongswan server from Road warrior.
> > 
> >> I'm following 2dd.it strongswan guide to deploy on kali linux as a server and windows 7 as a road warrior. Please help/clue to solve.
> > 
> >> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8
> > 
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without data
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a Aggressive Mode IKE_SA
> >> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, OU=IT, CN=MILEYCYRUS, E=arvindhar at gmail.com]
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request 152362081 [ N(AUTH_FAILED) ]
> >> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from 11.12.13.15[500] to 11.12.13.18[500] (56 bytes)
> > 
> >> Thank you,
> >> s.s.arvindhar
> > 
> > 
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.strongswan.org
> >> https://lists.strongswan.org/mailman/listinfo/users
> > 
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.strongswan.org
> >> https://lists.strongswan.org/mailman/listinfo/users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBAgAGBQJTtUEEAAoJEDg5KY9j7GZYI5sP/AvALhv5guqaW5vb8NSMn18G
> QD/PN0AKcaYspK2IZkxDtATjCbKxH6ol5TLf7Gct0awnK5q7nZkWnj5YTeFnZ/jq
> 9HoD217LItBkPlyCS8Nha1a0aUmZnsYqbMOYtfnicIpvdlAdn9ZxalFQ5VIc0Its
> jrKjvXEqQasX0maKdG81AZvOIkPKOCVm2qWb5pOig0pCDtN4uWeRjSbsdsu8rK07
> WygpZj72BKI6M3jnxoEaoTHL6d6EsuPxxqFCefu/1e7jQmvRH77FqnmXKxHjLF+4
> GpELRGPtbZ0lsq7dVASi8/qKlvYEUEg4CcXA/uOOECvVrjqTvQksWlBm0CLB2Xd/
> L2yMIYiMLlllQx7w6NFvaVNNFdwDlf6K9m5m5xRuUeh+r0xvGLUlPe68aTp4K7+V
> nsdokOtez0YHJs1o0KE7dl//G8WVac+VDyXJaM9csaZz/HX9VBrOSsxGblIbsuG8
> YuweP1Jw3TtSGY7IdrA3xPeQU1bqGawc2ci4K14Go3cEjlkiUO55a2nMOLCgqkUL
> ZbWhzUQ9rRfcHY8g22H91O1PEnlyKAOKRUTA/lpisvb/B9HD+tLdYfFPRltOa+lj
> gtSv9NC5AsChWfnB/J5EXTrgxec2BaRKdtZImDay3fIHrDmuhhLG3Eu+4sfUAHhE
> gbBqTqENf+sqD5mRSs6t
> =jkdN
> -----END PGP SIGNATURE-----
 		 	   		   		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140703/cd986fe0/attachment.html>


More information about the Users mailing list