[strongSwan] Strongswan on Kali linux
Arvindhar Subbu
arvindhar at hotmail.com
Fri Jul 4 13:14:18 CEST 2014
Dear Noel,
I'm unable to access network resources behind the VPN server.
Kali Server
Kali WAN - 11.12.13.15Kali LAN - 192.168.7.1LAN side server - 192.168.7.5
Test:1. Road Warrior unable to reach 192.168.7.5 but pinging 192.168.7.1 over vpn connection2. Got ping reply for ip 192.168.7.5 from Kali Server LAN interface 192.168.7.1 Any changes required in ipsec.conf or iptables?
Kindly suggest.
Thank you,s.s. arvindhar
From: arvindhar at hotmail.com
To: noel at familie-kuntze.de; users at lists.strongswan.org
Subject: RE: [strongSwan] Strongswan on Kali linux
Date: Thu, 3 Jul 2014 12:22:43 +0000
I changed to Main mode in client.
Thank you,
s.s.arvindhar
From: arvindhar at hotmail.com
To: noel at familie-kuntze.de; users at lists.strongswan.org
Subject: RE: [strongSwan] Strongswan on Kali linux
Date: Thu, 3 Jul 2014 12:21:53 +0000
Thank you Noel, It connected, Will update you once i finish the below tests
1. NAT test
2. Ping communication test
3. Split tunnel test
4. Android test
5. iphone test
Thank you,
s.s.arvindhar
> Date: Thu, 3 Jul 2014 13:39:48 +0200
> From: noel at familie-kuntze.de
> To: arvindhar at hotmail.com; users at lists.strongswan.org
> Subject: Re: [strongSwan] Strongswan on Kali linux
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Arvindhar,
>
> As I wrote before, you need to set aggressive=yes in conn %default or conn rw
> or make the Shrewsoft Client initiate in main mode, not aggressive mode.
>
> Regards,
> Noel Kuntze
>
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 03.07.2014 13:37, schrieb Arvindhar Subbu:
> > Dear Noel,
> >
> > Please check below ipsec.conf data. Kindly let me know if you want to know more details.
> >
> > ***********ipsec.conf************************************************
> > # ipsec.conf - strongSwan IPsec configuration file
> > # basic configuration
> > config setup
> > conn %default
> > type=tunnel
> > ike=aes128-sha1-modp2048,3des-sha1-modp1536
> > ikelifetime=60m
> > keylife=20m
> > rekeymargin=3m
> > keyingtries=1
> > keyexchange=ikev1
> > esp=aes128-sha1,3des-sha1
> > mobike=yes
> > leftikeport=4500
> > rightikeport=4500
> > conn rw
> > left=11.12.13.15
> > leftcert=gatewayCert.pem
> > leftid=arvindhar at gmail.com
> > leftfirewall=yes
> > right=%any
> > rightsourceip=192.168.20.0/24
> > auto=add
> >
> > # strictcrlpolicy=yes
> > # uniqueids = no
> > # Add connections here.
> > # Sample VPN connections
> > # conn sample-self-signed
> > # leftsubnet=10.1.0.0/16
> > # leftcert=selfCert.der
> > # leftsendcert=never
> > # right=192.168.0.2
> > # rightsubnet=10.2.0.0/16
> > # rightcert=peerCert.der
> > # auto=start
> > #conn sample-with-ca-cert
> > # leftsubnet=10.1.0.0/16
> > # leftcert=myCert.pem
> > # right=192.168.0.2
> > # rightsubnet=10.2.0.0/16
> > # rightid="C=CH, O=Linux strongSwan CN=peer name"
> > # auto=start
> >
> > ***************************************************************************
> >
> > Thank you,
> > s.s.arvindhar
> >
> >
> >> Date: Thu, 3 Jul 2014 12:30:08 +0200
> >> From: noel at familie-kuntze.de
> >> To: users at lists.strongswan.org
> >> Subject: Re: [strongSwan] Strongswan on Kali linux
> >>
> > Hello Arvindhar,
> >
> > You need to set aggressive=yes in the conn. Also, please show us your ipsec.conf.
> >
> > Regards,
> > Noel Kuntze
> >
> > GPG Key id: 0x63EC6658
> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >
> > Am 03.07.2014 11:58, schrieb Arvindhar Subbu:
> >> Hi,
> >
> >> Unable to connect to Strongswan server from Road warrior.
> >
> >> I'm following 2dd.it strongswan guide to deploy on kali linux as a server and windows 7 as a road warrior. Please help/clue to solve.
> >
> >> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8
> >
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without data
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a Aggressive Mode IKE_SA
> >> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, OU=IT, CN=MILEYCYRUS, E=arvindhar at gmail.com]
> >> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found
> >> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request 152362081 [ N(AUTH_FAILED) ]
> >> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from 11.12.13.15[500] to 11.12.13.18[500] (56 bytes)
> >
> >> Thank you,
> >> s.s.arvindhar
> >
> >
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.strongswan.org
> >> https://lists.strongswan.org/mailman/listinfo/users
> >
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.strongswan.org
> >> https://lists.strongswan.org/mailman/listinfo/users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJTtUEEAAoJEDg5KY9j7GZYI5sP/AvALhv5guqaW5vb8NSMn18G
> QD/PN0AKcaYspK2IZkxDtATjCbKxH6ol5TLf7Gct0awnK5q7nZkWnj5YTeFnZ/jq
> 9HoD217LItBkPlyCS8Nha1a0aUmZnsYqbMOYtfnicIpvdlAdn9ZxalFQ5VIc0Its
> jrKjvXEqQasX0maKdG81AZvOIkPKOCVm2qWb5pOig0pCDtN4uWeRjSbsdsu8rK07
> WygpZj72BKI6M3jnxoEaoTHL6d6EsuPxxqFCefu/1e7jQmvRH77FqnmXKxHjLF+4
> GpELRGPtbZ0lsq7dVASi8/qKlvYEUEg4CcXA/uOOECvVrjqTvQksWlBm0CLB2Xd/
> L2yMIYiMLlllQx7w6NFvaVNNFdwDlf6K9m5m5xRuUeh+r0xvGLUlPe68aTp4K7+V
> nsdokOtez0YHJs1o0KE7dl//G8WVac+VDyXJaM9csaZz/HX9VBrOSsxGblIbsuG8
> YuweP1Jw3TtSGY7IdrA3xPeQU1bqGawc2ci4K14Go3cEjlkiUO55a2nMOLCgqkUL
> ZbWhzUQ9rRfcHY8g22H91O1PEnlyKAOKRUTA/lpisvb/B9HD+tLdYfFPRltOa+lj
> gtSv9NC5AsChWfnB/J5EXTrgxec2BaRKdtZImDay3fIHrDmuhhLG3Eu+4sfUAHhE
> gbBqTqENf+sqD5mRSs6t
> =jkdN
> -----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140704/851f7d9a/attachment.html>
More information about the Users
mailing list