[strongSwan] IKEv2 RSA or EAP (mschap2) with Windows 10 client

Krešo Kunjas kkunjas at gmail.com
Tue Nov 24 21:54:49 CET 2015


Hi to all!

I have a problem with a strongSwan setup using the Windows 10 built-in VPN
client.

I have configured everything using this guide:

https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/

When I'm using Linux clients with RSA keys everything works as expected.
Even using an Android client with IKEv1 Xauth everything works.

But when using the Windows 10 built-in VPN client I cannot connect; the
connection times out.

This is the log when Windows 10 client is connecting:

http://paste2.org/t2JXOHhF

This is my ipsec.conf

kkunjas@linfw:~$ cat /etc/ipsec.conf
config setup
        uniqueids=never
        charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
        keyexchange=ikev2
        ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
        esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
        dpdaction=clear
        dpddelay=300s
        rekey=no
        left=%any
        leftsubnet=10.0.117.0/24
        leftcert=vpnHostCert.pem
        leftfirewall=yes
        right=%any
        #rightsourceip=10.0.117.48/28
        rightsourceip=10.0.118.0/24

conn IPSec-IKEv2
        keyexchange=ikev2
        auto=add

conn IPSec-IKEv2-EAP
        also="IPSec-IKEv2"
        rightauth=eap-mschapv2
        rightsendcert=never
        eap_identity=%any

conn CiscoIPSec
        keyexchange=ikev1
        # forceencaps=yes
        rightauth=pubkey
        rightauth2=xauth
        auto=add

strongswan version:

~$ ipsec --version
Linux strongSwan U5.1.2/K3.13.0-68-generic
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.

The server and client certificates are successfully imported into Windows.

The errors are the same if I'm using client RSA cert for auto or EAP-MsChap2.

I'm still new to IPsec and strongSwan, so I'm currently stuck and I need
Win10 native clients to connect, so please advise.
If you need additional info please feel free to ask.

ty