[strongSwan] Unable to connect to the VPN server from ubuntu via nm-strongswan
Eugene Kabanov
kabanov.box at icloud.com
Sat Apr 15 10:38:55 CEST 2017
Hello!
What I have:
strongswan 5.2.1 on Bananapi.
That's what I want to use to connect:
iOS devices;
Linux on desktop.
These files were created:
CA private key;
CA certificate;
VPN host private key;
VPN host certificate;
Client private key;
Client certificate (.pem and .p12 for iOS).
IPsec configuration file (server):
# ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="cfg 2, dmn 2, ike 2, net 2"
conn client
keyexchange=ikev2
leftauth=pubkey
left=%any
leftid=VPN
leftcert=vpn-host-certificate.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
right=%any
rightsourceip=192.168.0.1/24
rightdns=8.8.8.8,8.8.4.4
dpdaction=clear
rightid=*@example.com
rightcert2=*certificate.pem
rightauth=eap-tls
rightsendcert=never
eap_identity=%identity
auto=add
Secrets file (server):
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
# this file is managed with debconf and will contain the automatically
created $
include /var/lib/strongswan/ipsec.secrets.inc
: RSA vpn-host-key.pem
I can connect from my iOS devices, but from Ubuntu (16.10 and now 17.04)
with network-manager-strongswan (1.4.1-1) I can't (Vpn connection failed).
bananapi(server) tail -f /var/log/syslog:
Apr 15 13:32:32 bananapi charon: 08[CFG] no matching peer config found
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_ADDRESS
attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_DNS
attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_NBNS
attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] peer supports MOBIKE
Apr 15 13:32:32 bananapi charon: 08[ENC] generating IKE_AUTH response 1
[ N(AUTH_FAILED) ]
Apr 15 13:32:32 bananapi charon: 08[NET] sending packet: from
192.168.0.101[4500] to 85.140.*.*[8066] (76 bytes)
Apr 15 13:32:32 bananapi charon: 03[NET] sending packet: from
192.168.0.101[4500] to 85.140.*.*[8066]
Apr 15 13:32:32 bananapi charon: 08[IKE] IKE_SA (unnamed)[13] state
change: CONNECTING => DESTROYING
Settings of vpn-connection (network manager Ubuntu):
Gateway
Adress: ip adress of the bananapi
Certificate: CA certificate (.pem)
Client
Authentication: Certificate/private key
Certificate: Client certificate(.pem)
Private key: Client private key(.pem)
Please indicate where I made a mistake.
Best regards,
Eugene
More information about the Users
mailing list