[strongSwan] Configuration Problem

Gao19, Zenghao zgao19 at choate.edu
Sun Dec 4 05:00:04 CET 2016


Dear All,

I was using an ECC certificate (P-384, secp384r1) to configure my IKEv2 VPN, and I used a script to set up the VPN:

https://github.com/quericy/one-key-ikev2-vpn


This script is used for the more common RSA certs, but I have an ECC cert, so I can't connect to my VPN after creation.

Please help me with the config files.


ipsec.conf:


config setup
    uniqueids=never

conn iOS_cert
    keyexchange=ikev1
    fragmentation=yes
    left=%defaultroute
    leftauth=pubkey
    leftsubnet=0.0.0.0/0
    leftcert=server.cert.pem
    right=%any
    rightauth=pubkey
    rightauth2=xauth
    rightsourceip=10.31.2.0/24
    rightcert=client.cert.pem
    auto=add

conn android_xauth_psk
    keyexchange=ikev1
    left=%defaultroute
    leftauth=psk
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=psk
    rightauth2=xauth
    rightsourceip=10.31.2.0/24
    auto=add

conn networkmanager-strongswan
    keyexchange=ikev2
    left=%defaultroute
    leftauth=pubkey
    leftsubnet=0.0.0.0/0
    leftcert=server.cert.pem
    right=%any
    rightauth=pubkey
    rightsourceip=10.31.2.0/24
    rightcert=client.cert.pem
    auto=add

conn ios_ikev2
    keyexchange=ikev2
    ike=aes256-sha384-ecp384!
    rekey=no
    left=%defaultroute
    leftid= My domain name goes here
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    leftcert=server.cert.pem
    right=%any
    rightauth=eap-mschapv2
    rightsourceip=10.31.2.0/24
    rightsendcert=never
    eap_identity=%any
    dpdaction=clear
    fragmentation=yes
    auto=add

conn windows7
    keyexchange=ikev2
    ike=aes256-sha384-ecp384!
    rekey=no
    left=%defaultroute
    leftauth=pubkey
    leftsubnet=0.0.0.0/0
    leftcert=server.cert.pem
    right=%any
    rightauth=eap-mschapv2
    rightsourceip=10.31.2.0/24
    rightsendcert=never
    eap_identity=%any
    auto=add


Although I don't think this is directly related, I am adding strongswan.conf here:


strongswan.conf

charon {
        load_modular = yes
        duplicheck.enable = no
        compress = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
        dns1 = 8.8.8.8
        dns2 = 8.8.4.4
        nbns1 = 8.8.8.8
        nbns2 = 8.8.4.4
}

include strongswan.d/*.conf


Please help me with this issue. I really appreciate it.

Thank you.

Mike
