[strongSwan] Problem with windows 7 connecting with strongswan and xl2tpd

CpServiceSPb . cpservicespb at gmail.com
Wed Jun 11 01:16:53 CEST 2014


I have xl2tpd 1.3.6 installed on Ubuntu 12.04 LTS as a server.
I also had OpenSwan, and OpenSwan + xl2tpd worked for Win XP/7 and HTC
Android phones, but did not work for Sony Android phones (meaning the built-in
Android client).
Then I decided to switch to xl2tpd + StrongSwan, and installed the
U4.5.2/K3.8.0-41-generic version.
I have got xl2tpd + StrongSwan working with Win XP, but not with Win 7
or with the Sony Android client (I did not test HTC Android). I am talking
about IKEv1.
So, how is it possible to get xl2tpd + strongswan working with Win XP/7/8 and
with the Android built-in client with encryption?
My confs are below:

*ipsec.conf:*
config setup
   strictcrlpolicy=no
   nat_traversal=yes
   charonstart=yes
   plutostart=yes
   virtual_private=%v4:192.168.0.0/24
   klipsdebug=all
   plutodebug=al

conn %default
     ikelifetime=8h
     keylife=10800
     rekeymargin=3m
     keyingtries=10
     dpdaction=clear
     dpddelay=40
     dpdtimeout=130

conn ikev1
    compress=yes
    forceencaps=yes
    left=external 'white' IP
    leftid=external 'white' IP
    leftprotoport=udp/1701
    right=%any
    rightprotoport=udp/%any
    keyingtries=2
    lifetime=1h
    margintime=15m
    auto=add
    type=transport
    pfs=no
    rekey=no
    authby=psk
    ike=3des-sha1-modp1024,3des-sha1-modp2048,aes128-sha1-ecp256,aes256-sha1-ecp384,aes256-sha1-modp2048,null-md5!
    esp=3des-sha1,aes128-sha1,des-sha1,null-md5!
    mobike=no

*ipsec.secrets:*
#include /var/lib/strongswan/ipsec.secrets.inc

external 'white' IP %any : PSK "1234567890"
user : XAUTH "pass"

*xl2tpd.conf:*
[global]
listen-addr = external 'white' IP
port = 1701
auth file = /etc/ppp/chap-secrets
access control = no
rand source = dev

debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes

*[lns default]*
exclusive = yes
ip range = 192.168.0.200-192.168.0.215
local ip = 192.168.0.100
length bit = yes
refuse chap = yes
refuse pap = yes
require authentication = yes
name = Server
ppp debug = yes
pppoptfile = /etc/xl2tpd/xl2tpd.options;

*xl2tpd.options:*
asyncmap 0
auth
ms-dns 192.168.0.254
ms-wins 192.168.0.254
hide-password
modem
debug
name xl2tpd
idle 1800
mtu 1410
mru 1410
lcp-echo-interval 30
lcp-echo-failure 4
local
lock
logfile /var/log/xl2tpd.log
proxyarp
nodefaultroute
require-mschap
require-mschap-v2
ipparam default
ipcp-accept-local
ipcp-accept-remote
noccp
connect-delay 5000
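
The question asks for connections "with encryption", while the posted ike= and esp= lines also offer null-md5 and des-sha1. As an added example (not part of the original post and not strongSwan's own tooling), this Python script audits the proposal strings from the ipsec.conf above; the weak-token table and the function names are assumptions of the example.

```python
import re

# Constructed sample: the conn name and the ike=/esp= lines as posted above.
SAMPLE_CONF = """\
conn ikev1
    authby=psk
    ike=3des-sha1-modp1024,3des-sha1-modp2048,aes128-sha1-ecp256,aes256-sha1-ecp384,aes256-sha1-modp2048,null-md5!
    esp=3des-sha1,aes128-sha1,des-sha1,null-md5!
"""

# Tokens this example treats as weak (an assumption of the example,
# not a list defined by strongSwan).
WEAK = {
    "null": "no encryption, integrity only",
    "des": "56-bit key",
    "3des": "legacy 64-bit block cipher",
    "md5": "MD5-based integrity, deprecated",
    "modp1024": "1024-bit DH group, deprecated",
}

def audit_proposals(conf_text):
    """Return (conn, keyword, proposal, token, reason) for every weak token."""
    findings = []
    conn = None
    for line in conf_text.splitlines():
        m = re.match(r"^conn\s+(\S+)", line)
        if m:
            conn = m.group(1)
            continue
        m = re.match(r"^\s*(ike|esp)\s*=\s*(\S+)", line)
        if not m:
            continue
        keyword, value = m.groups()
        # A trailing "!" marks the proposal list as strict; strip it first.
        for proposal in value.rstrip("!").split(","):
            for token in proposal.split("-"):
                if token in WEAK:
                    findings.append((conn, keyword, proposal, token, WEAK[token]))
    return findings

def offers_unencrypted_esp(conf_text):
    """True if any esp= proposal uses the null cipher."""
    return any(k == "esp" and t == "null"
               for _, k, _, t, _ in audit_proposals(conf_text))

if __name__ == "__main__":
    for finding in audit_proposals(SAMPLE_CONF):
        print("conn %s: %s proposal %s -> %s (%s)" % finding)
```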