[strongSwan] IPSec vpmc PSK configuration issues
Johannes Kastl
mail at ojkastl.de
Thu Jun 2 09:52:13 CEST 2016
On 01.06.16 22:39 Fabian Dreßler wrote:
> I hope you can help me with my Strongswan Configuration. The goal is to
> have a VPN Server for my Smartphone (Android) and my Computer (Ubuntu)
> in America. (I am from Germany)
Android can use IKEv2 with RSA-certificates. What does Ubuntu/VPNC
support?
Can you connect using android and the official strongswan client? May
help in debugging, if you know your server works with android.
> Jun 1 20:33:49 ip-172-31-56-231 charon: 12[IKE] X.X.X.X is
> initiating a Aggressive Mode IKE_SA
Aggressive mode. I do not think that is needed/good.
> Jun 1 20:33:49 ip-172-31-56-231 charon: 12[CFG] looking for
> XAuthInitPSK peer configs matching 172.31.56.231...X.X.X.X[fabian]
> Jun 1 20:33:49 ip-172-31-56-231 charon: 12[IKE] no peer config found
Your configs are not valid, somehow.
> //etc/ipsec.conf//:/
>
> conn fabian
> keyexchange=ikev1
> authby=xauthpsk
> xauth=server
Are these two lines needed?
> left=%defaultroute
> leftsubnet=0.0.0.0/0
> leftfirewall=yes
> right=%any
> rightsubnet=192.168.201.0/24
> rightsourceip=192.168.201.1/24
Is rightsubnet needed, if you have rightsourceip?
> rightdns=8.8.8.8
> auto=add
> leftauth=psk
> rightauth=psk
> rightauth2=xauth
I thought these lines are enough and you could omit the two lines
above (authby and xauth).
> Jun 1 22:38:27 Fabian-PC NetworkManager[918]: /usr/sbin/vpnc:
> response was invalid [1]: (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
I found this with a short google search, which is also about vpnc:
https://lists.strongswan.org/pipermail/users/2013-April/004507.html
But the OP did not find/post a solution.
Johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 244 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160602/f24f9e46/attachment.sig>
More information about the Users
mailing list