[strongSwan] WG: unable to connect via Ubuntu 12.04 / strongswan-nm / eap-radius
Martin Shemon
Martin.Shemon at parship.com
Thu May 15 09:13:44 CEST 2014
Hi Noel,
Thanks for the information. I tried most of the debug levels from ike (3) and saw that the client is not establishing the TLS connection to the RADIUS server. The problem is, I don't understand why. The same configuration is working with Win7 / Mac and Android clients. For me Android is a Linux too, and from this point of view it must work in Ubuntu also.
I'll collect some logs to compare between Win / Ubuntu clients and post them tomorrow.
Regards
Martin
-----Original Message-----
From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On Behalf Of Noel Kuntze
Sent: Wednesday, 14 May 2014 19:50
To: users at lists.strongswan.org
Subject: Re: [strongSwan] unable to connect via Ubuntu 12.04 / strongswan-nm / eap-radius
Hello Martin,
You can set up logging[1] to see more information.
[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
Regards,
Noel Kuntze
On 14.05.2014 19:12, Martin Shemon wrote:
>
> Hi all,
>
> After testing around the whole day, there is still no working solution for me.
>
> What we have here:
>
> 1 strongSwan server with IKEv2
> 1 FreeRADIUS server
> 1 DHCP server
> 1 Active Directory server which is behind the RADIUS server
>
> Authentication via eap-radius and one type of connection which is working for most clients.
>
> The goal is to connect and authenticate all clients with the same connection configuration.
>
> Working clients:
>
> Windows 7 x64
> Android
> MacOS X 10.9
>
> Not working clients:
>
> Ubuntu 10.04 / 12.04
>
> One question: does anybody have such a configuration running? The problem is that the Ubuntu clients (with the strongswan-nm plugin) do not connect because phase 2 (EAP-radius) is not working like the Windows connection. To me it looks like the eap-tls tunnel is not coming up because of a certificate that is not accepted. The certificates work fine on all the other clients.
>
> ipsec.conf:
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>
> conn %default
>     keyexchange=ikev2
>     ike=aes256-sha1-modp1024!
>     esp=aes256-sha1!
>     dpdaction=clear
>     dpddelay=300s
>     rekey=no
>     left=%any
>     leftsubnet=0.0.0.0/0
>     leftauth=pubkey
>     leftcert=[hiddenCauseOfPrivacy].pem
>     leftid=[hiddenCauseOfPrivacy].net    # DNS name
>     leftfirewall=yes
>
> conn win7rad
>     right=%any
>     rightsourceip=%dhcp
>     rightauth=eap-radius
>     eap_identity=%identity
>     rightsendcert=never
>     auto=add
>
> What can we do to analyze this problem in depth?
>
> Regards
>
> Martin Shemon
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users