[strongSwan] WG: unable to connect via Ubuntu 12.04 / strongswan-nm / eap-radius

Martin Shemon Martin.Shemon at parship.com
Thu May 15 09:13:44 CEST 2014


Hi Noel,

Thanks for the information. I tried most of the debug levels from ike (3) and saw that the client is not establishing the TLS connection to the RADIUS server. The problem is, I don't understand why. The same configuration is working with Win7 / Mac and Android clients. For me Android is a Linux too, and from this point of view it must work on Ubuntu as well.

I'll collect some logs to compare between Win / Ubuntu clients and post them tomorrow.

Regards
Martin



-----Original Message-----
From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On behalf of Noel Kuntze
Sent: Wednesday, 14 May 2014 19:50
To: users at lists.strongswan.org
Subject: Re: [strongSwan] unable to connect via Ubuntu 12.04 / strongswan-nm / eap-radius


Hello Martin,

You can set up logging [1] to see more information.

[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration

Regards,
Noel Kuntze
 
On 14.05.2014 19:12, Martin Shemon wrote:
> Hi all,
>
> After testing around the whole day, there is still no working solution for me.
>
> What we have here:
>
> 1 strongSwan server with IKEv2
> 1 FreeRADIUS server
> 1 DHCP server
> 1 Active Directory server which is behind the RADIUS server
>
> Authentication via eap-radius and one type of connection which is working for most clients.
>
> The goal is to connect and authenticate all clients with the same connection configuration.
>
> Working clients:
>
> Windows 7 x64
> Android
> MacOS X 10.9
>
> Not working clients:
>
> Ubuntu 10.04 / 12.04
>
> One question: does anybody have such a configuration running? The problem is that the Ubuntu clients (with the strongswan-nm plugin) do not connect because phase 2 (EAP-radius) is not working like the Windows connection. To me it looks like the EAP-TLS tunnel is not coming up because of a certificate that is not accepted. The certificates work fine on all the other clients.
>
> ipsec.conf:
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>
> conn %default
>     keyexchange=ikev2
>     ike=aes256-sha1-modp1024!
>     esp=aes256-sha1!
>     dpdaction=clear
>     dpddelay=300s
>     rekey=no
>     left=%any
>     leftsubnet=0.0.0.0/0
>     leftauth=pubkey
>     leftcert=[hiddenCauseOfPrivacy].pem
>     leftid=[hiddenCauseOfPrivacy].net   # DNS name
>     leftfirewall=yes
>
> conn win7rad
>     right=%any
>     rightsourceip=%dhcp
>     rightauth=eap-radius
>     eap_identity=%identity
>     rightsendcert=never
>     auto=add
>
> What can we do to analyze this problem in depth?
>
> Regards
> Martin Shemon
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

