[strongSwan] Issue with StrongSwan and a MySQL backend. Cannot authenticate.

Joe O notjoe at gmail.com
Wed Sep 14 14:49:28 CEST 2016

down vote
I have Strongswan installed and configured on my server. I've been able to successfully authentication against it when using the standard ipsec.secrets for the list of users. I want to enable the mysql plugin for backend authentication. However, I am unable to successfully authentication when I change my configuration.

I followed the instructions over at Can one use a MySQL backend for user authentication in a strongswan VPN server? <http://serverfault.com/questions/716552/can-one-use-a-mysql-backend-for-user-authentication-in-a-strongswan-vpn-server>
My strongswan.conf is as follows:

charon {
  load_modular = yes
  send_vendor_id = yes
  plugins {
    include strongswan.d/charon/*.conf
    sql {
      database = mysql://root:temp1234@localhost/strongswan_free

include strongswan.d/*.conf
Here is the error from the logs:

Sep 14 08:53:17 localhost pppd[3680]: Using interface ppp0
Sep 14 08:53:17 localhost pppd[3680]: Connect: ppp0 <--> /dev/pts/1
Sep 14 08:53:17 localhost pppd[3680]: No CHAP secret found for authenticating vpnuser
Sep 14 08:53:17 localhost pppd[3680]: Peer vpnuser failed CHAP authentication
Sep 14 08:53:17 localhost xl2tpd[3580]: control_finish: Connection closed to, serial 1 ()
I do not see anything in the logs about establishing a connection to the mysql server either. In addition to that, The connection ID on mysql is not incrementing on every VPN connection attempt so it doesn't look like it is even trying to use mysql to authenticate the user.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160914/47b6e506/attachment.html>

More information about the Users mailing list