[strongSwan] Issue with StrongSwan and a MySQL backend. Cannot authenticate.

Andreas Steffen andreas.steffen at strongswan.org
Wed Sep 14 15:22:43 CEST 2016


Hi Joe,

yes, you can use a MySQL database to store your strongSwan
configuration and user credentials. The error messages in
your log are coming from pppd and xl2tpd, though, which are
not handled by strongSwan.

Regards

Andreas

On 14.09.2016 14:49, Joe O wrote:
>
>
> down votefavorite
> <http://serverfault.com/questions/802957/strongswan-with-mysql-backend-authentication-not-autneticating#>
> 	
>
> I have Strongswan installed and configured on my server. I've been able
> to successfully authentication against it when using the standard
> ipsec.secrets for the list of users. I want to enable the mysql plugin
> for backend authentication. However, I am unable to successfully
> authentication when I change my configuration.
>
> I followed the instructions over at Can one use a MySQL backend for user
> authentication in a strongswan VPN server?
> <http://serverfault.com/questions/716552/can-one-use-a-mysql-backend-for-user-authentication-in-a-strongswan-vpn-server>
>
> My strongswan.conf is as follows:
>
> |charon { load_modular = yes send_vendor_id = yes plugins { include
> strongswan.d/charon/*.conf sql { database =
> mysql://root:temp1234@localhost/strongswan_free } } } include
> strongswan.d/*.conf |
>
> Here is the error from the logs:
>
> |Sep 14 08:53:17 localhost pppd[3680]: Using interface ppp0 Sep 14
> 08:53:17 localhost pppd[3680]: Connect: ppp0 <--> /dev/pts/1 Sep 14
> 08:53:17 localhost pppd[3680]: No CHAP secret found for authenticating
> vpnuser Sep 14 08:53:17 localhost pppd[3680]: Peer vpnuser failed CHAP
> authentication Sep 14 08:53:17 localhost xl2tpd[3580]: control_finish:
> Connection closed to 192.168.20.224, serial 1 () |
>
> I do not see anything in the logs about establishing a connection to the
> mysql server either. In addition to that, The connection ID on mysql is
> not incrementing on every VPN connection attempt so it doesn't look like
> it is even trying to use mysql to authenticate the user.
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160914/b79b4461/attachment.bin>


More information about the Users mailing list