[strongSwan] ubuntu nm-applet failed

Alexander xiedeacc at 163.com
Fri Mar 10 04:18:43 CET 2017


Hi  Andreas,


I've set up a VPS on Amazon EC2 (Ubuntu 16.04). I can now connect to this VPS successfully from Win7, Win10 and iOS 10.2.1 (IPSec Cisco type), but vpnc or Cisco AnyConnect failed.




VPS: Ubuntu 16.04.02    Client: Ubuntu 16.04.02


==================================================================================================
VPS configuration
config setup
    strictcrlpolicy=no
    uniqueids=never
conn %default
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=300s


conn IKEv1-PSK_XAUTH
    keyexchange=ikev1
    fragmentation=yes
    #left -- local(server) side
    left=%any
    leftauth=psk
    leftsubnet=0.0.0.0/0
    #right -- remote(client) side
    right=%any
    rightauth=psk
    rightauth2=xauth
    rightsourceip=10.31.2.0/24
    auto=add




conn IKEv2_CERT_Win7
    keyexchange=ikev2
    ike=aes256-sha1-modp1024
    esp=aes256-sha256
    eap_identity=%any
    fragmentation=yes
    rekey=no
    #mobike=no
    #left -- local(server) side
    left=%any
    #leftid=54.254.236.252
    leftauth=pubkey
    leftcert=host.cert.pem
    leftsubnet=0.0.0.0/0
    leftsendcert=always
    #right -- remote(client) side
    right=%any
    rightauth=pubkey
    #rightauth2=xauth
    rightcert=client.cert.pem
    rightsourceip=10.31.2.0/24
    #rightsendcert=never
    auto=add


conn IKEv2_CHAP_Win7
    keyexchange=ikev2
    #ike=aes256-sha1-modp1024
    #esp=aes256-sha256
    #eap_identity=%any
    fragmentation=yes
    rekey=no
    #mobike=no
    #left -- local(server) side
    left=%any
    #leftid=54.254.236.252
    leftauth=pubkey
    leftcert=host.cert.pem
    leftsubnet=0.0.0.0/0
    leftsendcert=always
    #right -- remote(client) side
    right=%any
    rightauth=eap-mschapv2
    #rightcert=client.cert.pem
    rightsourceip=10.31.2.0/24
    rightsendcert=never
    eap_identity=%any
    auto=add




conn networkmanager-strongswan
    keyexchange=ikev2
    left=%any
    leftauth=pubkey
    leftsubnet=0.0.0.0/0
    leftcert=host.cert.pem
    right=%any
    rightauth=pubkey
    rightauth2=xauth
    rightsourceip=10.31.2.0/24
    rightcert=client.cert.pem
    auto=add
==================================================================================================






==================================================================================================
Win7 can connect using MS-CHAPv2 and certificates:   success!
Win10 can connect using certificates:                success!
==================================================================================================
iOS 10.2.1, type IPSec, using account, password and PSK: success!




==================================================================================================
VPNC failed, error code (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
Here is my configuration:
IPSec gateway 54.254.236.252
IPSec ID 54.254.236.252
IPSec secret xiedeacc
IKE Authmode psk
Xauth username xiedeacc
Xauth password xiedeacc
#NAT Traversal Mode natt
#IKE DH Group dh5
Because this kind of connection is similar to the iOS 10.2.1 IPSec type, I guess it's an error in my configuration.


==============================================================================================================================
The strongSwan NetworkManager applet 1.4.1 will cause NetworkManager corruption, and I noticed that when compiling the NetworkManager applet, it must be configured with the --prefix=/usr option to work with NetworkManager. Also, this applet only supports the cert and EAP types; it doesn't support any other type.


==============================================================================================================================
Cisco AnyConnect Client failed, and this program doesn't even display many configuration options; it just shows the server option, and no user account or password option can be seen.








 