[strongSwan] Strongswan 5.1.2 or 5.2.1, Windows 7, ikev2 is not still working !

CpServiceSPb . cpservicespb at gmail.com
Wed Oct 15 22:50:38 CEST 2014


I installed Strongswan 5.1.2 from Ubuntu 14.04 reps or 5.2.1 night build
and xl2tpd.
Also created certificates (ca, server, clients) .
So, Win 7 l2tp/cert connection is established with these certificates, but
ikev2 connection as with machine certs as eap-mschapv2 do not work and
causes the same error:









*getting a local address in traffic selector 10.10.1.0/24
<http://10.10.1.0/24>[KNL] no local address found in traffic selector
10.10.1.0/24 <http://10.10.1.0/24>[IKE] CHILD_SA ikev2_machine_cert{1}
established with SPIs ce88164c_i f9267310_o and TS 10.10.1.0/24
<http://10.10.1.0/24> === 10.10.2.10/32 <http://10.10.2.10/32>[ENC]
generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS NBNS DNS NBNS)
SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ][NET] sending packet:
from 95.252.95.95[4500] to 5.18.98.53[4500] (1500 bytes)[DMN] signal of
type SIGINT received. Shutting down[IKE] queueing IKE_DELETE task[IKE]
activating new tasks[IKE]   activating IKE_DELETE task*
My machine cert connection part:
conn ikev2_machine_cert
    auto=add
    esp=aes256-sha1
    ike=aes256-sha1-modp1024
    keyexchange=ikev2
    left=95.252.95.95
    leftsubnet=10.10.1.0/24
    leftcert=/etc/ipsec.d/certs/server.crt
    right=%any
    rightsourceip=10.10.2.0/24
    type=tunnel

conn ikev2_cert_eap-mschapv2
        keyexchange=ikev2
        ike=aes256-sha1-modp1024!
        esp=aes256-sha1!
        dpdaction=clear
        dpddelay=300s
        rekey=no
        left=95.252.95.95
        leftsubnet=0.0.0.0/0
        leftauth=pubkey
        leftcert=/etc/ipsec.d/certs/server.crt
        leftid=95.252.95.95
        right=%any
        rightauth=eap-mschapv2
        rightsendcert=never
        rightsourceip=10.10.3.10
        eap_identity=%any
        auto=add
        type=tunnel

What is wrong and where is mistake ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141016/d4b59cdf/attachment.html>


More information about the Users mailing list