[strongSwan] IPSec vpmc PSK configuration issues

Johannes Kastl mail at ojkastl.de
Thu Jun 2 09:52:13 CEST 2016


On 01.06.16 22:39 Fabian Dre├čler wrote:

> I hope you can help me with my Strongswan Configuration. The goal is to
> have a VPN Server for my Smartphone (Android) and my Computer (Ubuntu)
> in America. (I am from Germany)

Android can use IKEv2 with RSA-certificates. What does Ubuntu/VPNC
support?

Can you connect using android and the official strongswan client? May
help in debugging, if you know your server works with android.

>     Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] X.X.X.X is
>     initiating a Aggressive Mode IKE_SA

Aggressive mode. I do not think that is needed/good.

>     Jun  1 20:33:49 ip-172-31-56-231 charon: 12[CFG] looking for
>     XAuthInitPSK peer configs matching 172.31.56.231...X.X.X.X[fabian]
>     Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] no peer config found

Your configs are not valid, somehow.

> //etc/ipsec.conf//:/
> 
>     conn fabian
>      keyexchange=ikev1

>      authby=xauthpsk
>      xauth=server

Are these two lines needed?

>      left=%defaultroute
>      leftsubnet=0.0.0.0/0
>      leftfirewall=yes
>      right=%any
>      rightsubnet=192.168.201.0/24
>      rightsourceip=192.168.201.1/24

Is rightsubnet needed, if you have rightsourceip?

>      rightdns=8.8.8.8
>      auto=add
>      leftauth=psk
>      rightauth=psk
>      rightauth2=xauth

I thought these lines are enough and you could omit the two lines
above (authby and xauth).

>     Jun  1 22:38:27 Fabian-PC NetworkManager[918]: /usr/sbin/vpnc:
>     response was invalid [1]:  (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)

I found this with a short google search, which is also about vpnc:
https://lists.strongswan.org/pipermail/users/2013-April/004507.html

But the OP did not find/post a solution.

Johannes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 244 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160602/f24f9e46/attachment.sig>


More information about the Users mailing list