[strongSwan] No connection with windows7/8

Marc Müller marc.mueller at apit-solutions.de
Thu Apr 9 11:15:14 CEST 2015 

Hello, I can not connect from a Windows client to the server Strongswan. But I try the Fritzbox should connect to the server Strongswan If this works. If I want from a Windows client to the Strongswan via VPN connection I get the error 800" The VPN server may be unreachable."(But with the Fritzbox I can connect?)  In the log files If nothing. Only the Fritzbox are compounds with the Strongswan server.

Ipsec.conf:
conn %default
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no

conn win7
    left=%any
    leftsubnet=10.254.254.0/24
    leftauth=pubkey
    leftcert=serverCert.pem
    leftid=@vpn.VPNServ.de
    right=%any
    rightsourceip=10.10.3.0/24
    rightauth=eap-mschapv2
    #rightsendcert=never   # see note
    eap_identity=%any
    auto=add

ipsec.secrets:

: RSA serverKey.pem

marc : EAP "xxxxxxxxx"
marc : XAUTH "xxxxxxxx"

IPsec Statusall:

root at s17338927:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-49-generic, x86_64):
  uptime: 3 seconds, since Apr 09 10:59:23 2015
  malloc: sbrk 1351680, mmap 0, used 341968, free 1009712
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-peap xauth-generic addrblock
Virtual IP pools (size/online/offline):
  192.168.178.0/24: 254/0/0
Listening IP addresses:
  ServerIP
  10.254.254.1
  2001:8d8:881:1c00::72:88bd
Connections:
        win7:  %any...%any  IKEv2, dpddelay=300s
        win7:   local:  [vpn.VPNServ.de] uses public key authentication
        win7:    cert:  "C=DE, O=VPNGLA, CN=vpn.VPNServ.de"
        win7:   remote: uses EAP_MSCHAPV2 authentication with EAP identity '%any'
        win7:   child:  10.254.254.0/24 === dynamic TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
  None



Mit freundlichen Grüßen aus Gladbeck
-------------------------------
Marc Müller

_______________________________________________

APITSolutions
Andreas Patzelt IT Solutions
Krusenkamp 24
45964 Gladbeck

Telefon: 02043 / 9357169
Fax: 02043 / 9350639

E-Mail: marc.mueller at apit-solutions.de<mailto:marc.mueller at apit-solutions.de>
Web:    http://apit-solutions.de

USt-IdNr.: DE273467836
Geschäftsführung und Verantwortlichkeit:
Andreas Patzelt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150409/27a92439/attachment-0001.html>

More information about the Users mailing list