[strongSwan] Unable to connect to the VPN server from ubuntu via nm-strongswan

Eugene Kabanov kabanov.box at icloud.com
Sat Apr 15 10:38:55 CEST 2017


Hello!

What I have:
     strongswan 5.2.1 on Bananapi.

That's what I want to use to connect:
     iOS devices;
     Linux on desktop.

These files were created:
     CA private key;
     CA certificate;
     VPN host private key;
     VPN host certificate;
     Client private key;
     Client certificate (.pem and .p12 for iOS).

IPsec configuration file (server):

# ipsec.conf - strongSwan IPsec configuration file

config setup
     charondebug="cfg 2, dmn 2, ike 2, net 2"


conn client
     keyexchange=ikev2
     leftauth=pubkey
     left=%any
     leftid=VPN
     leftcert=vpn-host-certificate.pem
     leftsendcert=always
     leftsubnet=0.0.0.0/0
     right=%any
     rightsourceip=192.168.0.1/24
     rightdns=8.8.8.8,8.8.4.4
     dpdaction=clear
     rightid=*@example.com
     rightcert2=*certificate.pem
     rightauth=eap-tls
     rightsendcert=never
     eap_identity=%identity
     auto=add

Secrets file (server):

# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.

# this file is managed with debconf and will contain the automatically created $
include /var/lib/strongswan/ipsec.secrets.inc

: RSA vpn-host-key.pem

I can connect from my iOS devices, but from Ubuntu (16.10 and now 17.04) 
with network-manager-strongswan (1.4.1-1) I can't (Vpn connection failed).

bananapi(server) tail -f /var/log/syslog:

Apr 15 13:32:32 bananapi charon: 08[CFG] no matching peer config found
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_ADDRESS attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_DNS attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_NBNS attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] peer supports MOBIKE
Apr 15 13:32:32 bananapi charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 15 13:32:32 bananapi charon: 08[NET] sending packet: from 192.168.0.101[4500] to 85.140.*.*[8066] (76 bytes)
Apr 15 13:32:32 bananapi charon: 03[NET] sending packet: from 192.168.0.101[4500] to 85.140.*.*[8066]
Apr 15 13:32:32 bananapi charon: 08[IKE] IKE_SA (unnamed)[13] state change: CONNECTING => DESTROYING


Settings of vpn-connection (network manager Ubuntu):

Gateway
     Address: IP address of the bananapi
     Certificate: CA certificate (.pem)
Client
     Authentication: Certificate/private key
     Certificate: Client certificate(.pem)
     Private key: Client private key(.pem)

Please indicate where I made a mistake.

Best regards,
Eugene
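
An added example, not part of the original post and not strongSwan code: a small Python triage script for charon syslog output in the format shown above. It pairs each N(AUTH_FAILED) response with the last [CFG] message logged by the same worker thread (a heuristic); the sample log is constructed, with the peer address replaced by a documentation address, and the function names are hypothetical.

```python
import re

# Constructed sample: charon syslog lines in the format shown in the post
# (peer address replaced with a documentation address).
SAMPLE_LOG = """\
Apr 15 13:32:32 bananapi charon: 08[CFG] no matching peer config found
Apr 15 13:32:32 bananapi charon: 08[IKE] peer supports MOBIKE
Apr 15 13:32:32 bananapi charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 15 13:32:32 bananapi charon: 08[NET] sending packet: from 192.168.0.101[4500] to 203.0.113.7[8066] (76 bytes)
Apr 15 13:32:32 bananapi charon: 08[IKE] IKE_SA (unnamed)[13] state change: CONNECTING => DESTROYING
Apr 15 13:40:02 bananapi charon: 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

# "<timestamp> <host> charon: <thread>[<SUBSYSTEM>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\scharon:\s"
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]{3})\]\s(?P<msg>.*)$"
)
NOTIFY_RE = re.compile(r"N\((\w+)\)")


def parse(log_text):
    """Yield one dict per charon line; lines from other programs are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def explain_auth_failures(log_text):
    """Pair each AUTH_FAILED notify with the last CFG message on the same thread."""
    last_cfg = {}  # worker thread id -> most recent [CFG] message
    findings = []
    for rec in parse(log_text):
        if rec["subsys"] == "CFG":
            last_cfg[rec["thread"]] = rec["msg"]
        elif rec["subsys"] == "ENC" and "AUTH_FAILED" in NOTIFY_RE.findall(rec["msg"]):
            # pop() so a stale CFG line is not reused for a later failure
            reason = last_cfg.pop(rec["thread"], "no CFG line on this thread")
            findings.append((rec["ts"], rec["thread"], reason))
    return findings


if __name__ == "__main__":
    for ts, thread, reason in explain_auth_failures(SAMPLE_LOG):
        print(f"{ts} thread {thread}: AUTH_FAILED <- {reason}")
```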