[strongSwan] No connection with windows7/8
Marc Müller
marc.mueller at apit-solutions.de
Sat Apr 11 00:12:16 CEST 2015
Hello Fred
The connection works. I had forgotten the CA cert. But I get no Internet connection, please help.
Hello,
I can connect with my clients, but then I immediately have no internet access any more. Unfortunately I do not have any logs, as this somehow does not work for me. I do not know why no log files are created.
Ubuntu LTS
strongSwan 5.1.2
Root server Hetzner
In my cmd (ipconfig) the gateway of the VPN connection is 0.0.0.0. Is that wrong?
My configs:
ipsec.conf:

config setup
    # uniqueids=never
    charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    keyexchange=ikev2
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=serverCert.pem
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.254.254.0/24

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any

conn CiscoIPSec
    keyexchange=ikev1
    # forceencaps=yes
    rightauth=pubkey
    rightauth2=xauth
    auto=add

ipsec.secrets:

: RSA serverKey.pem
mtes : EAP "123456"
mtest : XAUTH "1234567"
atest : EAP "12345"

strongswan.conf:

charon {
    # number of worker threads in charon
    threads = 16
    # dns
    dns1 = 10.254.254.1
    plugins {
        sql {
            # loglevel to log into sql database
            loglevel = -1
        }
    }
}
libstrongswan {
    # test crypto at startup
    crypto_test {
        on_add = yes
    }
}

Sent from my iPhone
On 09.04.2015 at 11:54, "Fred" <curious_freddy at gmsl.co.uk> wrote:
On 09/04/2015 10:15, Marc Müller wrote:
Hello, I cannot connect from a Windows client to the server Strongswan.
But I try the Fritzbox should connect to the server Strongswan If this
works. If I want from a Windows client to the Strongswan via VPN
connection I get the error 800 “The VPN server may be unreachable.” (But
with the Fritzbox I can connect?) In the log files If nothing. Only the
Fritzbox are compounds with the Strongswan server.
You can always enable logs on Strongswan.
e.g.
charondebug="app 2, asn 2, chd 2, job 2, tnc 2, tls 2, knl 2, cfg 2, dmn 2, ike 2, net 2, lib 2, mgr 2"
Make sure the CA public cert is installed as a trusted CA on your Windows machine for Windows to trust serverCert.pem, otherwise it will refuse to connect.
Also make sure that the recommended certificate requirements are met for serverCert.pem:
e.g. --flag serverAuth --flag ikeIntermediate
Fred
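
An added example, not part of the thread and not strongSwan code: a small parser for the ipsec.conf layout posted above that resolves `conn %default` and `also=` inheritance, so the effective settings of each connection can be checked. The sample is a shortened, constructed subset of the posted config with indentation restored; the function names are hypothetical and one `also=` per conn is assumed.

```python
# Added example: resolve "conn %default" and "also=" inheritance in ipsec.conf.
SAMPLE = '''\
config setup
    charondebug="cfg 2, dmn 2, ike 2, net 2"
conn %default
    keyexchange=ikev2
    leftsubnet=0.0.0.0/0
    rightsourceip=10.254.254.0/24
conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add
conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
conn CiscoIPSec
    keyexchange=ikev1
    # forceencaps=yes
    rightauth=pubkey
    rightauth2=xauth
    auto=add
'''

def parse(text):
    """Return {conn_name: {key: value}} with raw (unresolved) settings."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop comments (assumes no '#' in values)
        if not line.strip():
            continue
        if not raw[0].isspace():                 # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:  # indented key=value inside a conn
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective(conns, name, _seen=()):
    """Merge %default, then the also= parent chain, then the conn's own settings."""
    if name in _seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    parent = own.pop("also", None)
    merged = dict(conns.get("%default", {})) if not _seen else {}
    if parent:
        merged.update(effective(conns, parent, _seen + (name,)))
    merged.update(own)                           # the conn's own values win
    return merged
```

Calling `effective(parse(SAMPLE), "IPSec-IKEv2-EAP")` shows that the EAP connection picks up `auto=add` through `also=` and `leftsubnet=0.0.0.0/0` from `%default`, while `CiscoIPSec` overrides `keyexchange` with `ikev1`.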