[strongSwan] help setting up basic VPN on ubuntu
Noel Kuntze
noel at familie-kuntze.de
Sun Nov 30 01:03:12 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Imran,
You need to specify rightauth2=eap-mschapv2, so strongSwan is configured correctly to accept
eap authentication using mschapv2 in round 2.
You also lack the eap-mschapv2 modules, that you need for eap-mschapv2.
Install it via your package manager or, if you built strongSwan yourself, configure the strongSwan sources with --enable-eap-mschapv2,
"make uninstall" "make clean" "make" and "make install".
Also, please make sure you send your answer to all parties involved, not just me.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 30.11.2014 um 00:54 schrieb Imran Akbar:
> Hey Noel and Thomas,
>
> thanks for your help.
> I've made some progress - I'm now getting an "AUTH FAILED" error from my client.
> I'm trying to connect via the StrongSwan client on Android using IKEv2 EAP (username/password).
>
> Here is my ipsec.conf: http://pastebin.com/Ap5gUX0f
>
> Here is my secrets.conf: http://pastebin.com/hhX9micY
>
> Here is my server log: http://pastebin.com/W99PPKt3 (looks like the key issue is "peer requested EAP, config inacceptable")
>
> Here is my client log: http://pastebin.com/2w9NS1Zs
>
> I'm going to keep tweaking the authentication configs to see if I can make it work.
>
> yours,
> imran
>
>
> On Sat, Nov 29, 2014 at 9:04 AM, Noel Kuntze <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>> wrote:
>
>
> Hello Imran,
>
> IPsec/L2TP is mostly used with IKEv1, not IKEv2. Please tell us what clients you're trying to use,
> to make sure they try to use IKEv2, too.
>
> L2TP is not handled by strongSwan. You need to use xl2tp for that. Most clients try to use transport mode
> for the IPsec connection. Make sure your peer configuration has that specified. Also, plese make strongSwan
> write a log [1] with the settings shown in [2], show us the log that was created and show us your ipsec.conf.
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
>
> [2]
> default = 3
> mgr = 1
> ike = 1
> net = 1
> enc = 0
> cfg = 2
> asn = 1
> job = 1
> knl = 1
> append=no
> ike_name=no
> flush_line=yes
>
>
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 29.11.2014 um 17:53 schrieb Imran Akbar:
> > Hi everyone,
> > thanks for such a well-developed and maintained library.
>
> > I'm trying to setup Ipsec/L2TP on my Ubuntu 14 server with IKEv2 and a PSK.
>
> > I've read through a bunch of tutorials online:
> > http://trick77.com/2014/05/04/strongswan-5-vpn-ubuntu-14-04-lts-psk-xauth/
> > http://www.foteviken.de/?p=2175
> > http://endlessroad1991.blogspot.com/2014/04/setup-ipsec-vpn-on-ec2.html
>
> > and I've opened up UDP ports 500 & 4500, but I still have clients complaining about gateway timeouts and not being able to connect to the VPN.
>
> > Is there some sort of a configuration script that can walk you through all the necessary steps to get this working, or a gist that someone could share of their config?
> > I don't see anything in my /var/log/auth.conf that's indicative of VPN traffic.
>
> > yours,
> > imran
>
>
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
> > https://lists.strongswan.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
> https://lists.strongswan.org/mailman/listinfo/users
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJUel6+AAoJEDg5KY9j7GZY1ncQAJvIX5GrOL7raDE2noJ4PINy
6Z8TndKdOFN1uSmH8k7xuywLB4tRs3lljkBy9CNe3S0RkfnkNiSPP082MKVSaOdg
+L08vNxzcd2UOjxlEDtziIIAazhb5bGCss+fxjSuLyacW63Pk1knhaHb0u3GtxAJ
uP02g2CHhzr439CgncBUH1+F4EgOT5aK1VbrmcQiTJRG2JnXvZ9iuX1rN9gGAt0R
z166Rf92yi3VVkZTFTAv3gx/nnbTzommukhICW6CMriPoQi84pcaiNi8o8EBxO1L
8O2to2iMZayAukFWZKP/CqN8DVTFBf9kmul2irNvkg1Mg3+QgkAiTTbxKaYWNceX
YvbS5B5TkB9tKbeJo5Y91SPYJsQ9Ff3GyWv8eSgDzVY8DWargDZvU1vFZfzc8It2
X4dVxYs0+Ifbq0gBc4wub8eJbopnIdS7F6T5WriwORonBWSN9axMzJXIM3mFl14l
Dlq0qlNvmg5xo77vpQn4CK1VHo4Gw6yNFQC09Aokux9NxnHXXdHpcH9jl2bkn8p3
Rwoxfy7YFlAkFCJMzpt8ztLOdnlZzJ6/oM+D83osCeJhUN0zHc9mNVYcbBqQ/4Z0
hmhTFX1RoJGHq3rkv49vwam9VnLKY9hxyg/R7pLiXhyg7mVNa5ybyHKryALebcR0
UKDDEavL0ddn9ohcy2ai
=Sw+u
-----END PGP SIGNATURE-----
More information about the Users
mailing list