[strongSwan] Get working Win7 roadwarriors accross psk or ipsec-cert or ikev2-cert with Strongswan ! Is it possibe ?

CpServiceSPb . cpservicespb at gmail.com
Sat Sep 27 20:12:52 CEST 2014


I have installed Strongswan 5.1.2 from Ubuntu reps at Ubuntu 14.04 LTS x32.
Also there is xl2tpd installed from Ubuntu reps.
Also all will be listed below I did with the lates for Sep, 24 Strongswan
nightly build.
I have Win XP/Win 7/Android 4.4.x roadwarriors at the moment.
Some of them are  behind NAT, some are not.
I have made Ca, Server and client certificate.
There are four connections type: psk, ikev1 with certificate, ikev2 with
machine certificate and ikev2 eap-mschapv2.

I have not been still got working configuration for Win 7 + Strongswan for
a month tries.

At the moment I lost competition against Stronswan + Win 7.

I reached Win XP working as accross psk as certificate, not matter behind
or not NAT.

I got working only one copy Win 7 client behind NAT with psk, but it did
not want to work with ikev1 certificate and with all ikev2. But at the same
time Win XP worked fine as accross psk as ikev1 certificate (the same
certificate as at Win 7) behind the same NAT.

I tried Win 7 with psk, ikev1 cert, ikev2 using bluetooth connection to
cell phone which was connected to 3G/4G network.
And connection of Win 7 with psk, ikev1 cert, ikev2 failed.
At the same time connection from Android from mentioned just above cell
phone was successful as for psk as for certificate.

Parts of my logs are put at My post at Strongswan !
<https://wiki.strongswan.org/issues/714>

Can somebody give step by step instruction and/or working Ca, Server &
Client certificate with testing data as working example that Win 7 could
work accross psk/ikev1/ikev2 ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140927/3b2219f0/attachment.html>


More information about the Users mailing list