[strongSwan] ubuntu nm-applet faild

Alexander xiedeacc at 163.com
Fri Mar 10 04:13:52 CET 2017


Hi  Andreas,


I'm set up a VPS on amazon EC2 ubuntu16.04, now I can use Win7 and WIn10 and IOS 10.2.1( IPSec Cisco type) to connect this VPS sucessfully, but  vpnc or Cisco AnyConnect, failed




VPS Ubuntu16.04.02    client Ubuntu16.04.02 


==================================================================================================
VPS configure
config setup
    strictcrlpolicy=no
    uniqueids=never
conn %default
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=300s


conn IKEv1-PSK_XAUTH
    keyexchange=ikev1
    fragmentation=yes
    #left -- local(server) side
    left=%any
    leftauth=psk
    leftsubnet=0.0.0.0/0
    #right -- remote(client) side
    right=%any
    rightauth=psk
    rightauth2=xauth
    rightsourceip=10.31.2.0/24
    auto=add




conn IKEv2_CERT_Win7
    keyexchange=ikev2
    ike=aes256-sha1-modp1024
    esp=aes256-sha256
    eap_identity=%any
    fragmentation=yes
    rekey=no
    #mobike=no
    #left -- local(server) side
    left=%any
    #leftid=54.254.236.252
    leftauth=pubkey
    leftcert=host.cert.pem
    leftsubnet=0.0.0.0/0
    leftsendcert=always
    #right -- remote(client) side
    right=%any
    rightauth=pubkey
    #rightauth2=xauth
    rightcert=client.cert.pem
    rightsourceip=10.31.2.0/24
    #rightsendcert=never
    auto=add


conn IKEv2_CHAP_Win7
    keyexchange=ikev2
    #ike=aes256-sha1-modp1024
    #esp=aes256-sha256
    #eap_identity=%any
    fragmentation=yes
    rekey=no
    #mobike=no
    #left -- local(server) side
    left=%any
    #leftid=54.254.236.252
    leftauth=pubkey
    leftcert=host.cert.pem
    leftsubnet=0.0.0.0/0
    leftsendcert=always
    #right -- remote(client) side
    right=%any
    rightauth=eap-mschapv2
    #rightcert=client.cert.pem
    rightsourceip=10.31.2.0/24
    rightsendcert=never
    eap_identity=%any
    auto=add




conn networkmanager-strongswan
    keyexchange=ikev2
    left=%any
    leftauth=pubkey
    leftsubnet=0.0.0.0/0
    leftcert=host.cert.pem
    right=%any
    rightauth=pubkey
    rightauth2=xauth
    rightsourceip=10.31.2.0/24
    rightcert=client.cert.pem
    auto=add
==================================================================================================






==================================================================================================
WIn7 can use MS-CHAPV2 and certifications to connect  success! 
Win10 can use certifications                          success! 
==================================================================================================
IOS 10.2.1 type IPSec use account password psk success!




==================================================================================================
VPNC failed,  error code (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
here is my configure
IPSec gateway 54.254.236.252
IPSec ID 54.254.236.252
IPSec secret xiedeacc
IKE Authmode psk
Xauth username xiedeacc
Xauth password xiedeacc
#NAT Traversal Mode natt
#IKE DH Group dh5
because this kind of connection similiar with IOS 10.2.1 IPSec type, So I guess it's my configure error


==============================================================================================================================
strongswan NetworkManager Applet 1.4.1 will cause NetworkManager coruption,  and I noticed that compile networkmanager applet must configure use a --prefix=/usr option, for working with networkmanager. and this applet can only support cert and eap type, didn't support anyother type.


==============================================================================================================================
Cisco AnyConnect Client failed, and even this program cann't display many configure options, it's just show server option, user
account or password option can't saw



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170310/2c54b4c7/attachment.html>


More information about the Users mailing list