[strongSwan] ipsec problem
Noel Kuntze
noel at familie-kuntze.de
Fri Mar 10 23:09:18 CET 2017
On 10.03.2017 16:45, Gokan Atmaca wrote:
> Hello
>
> I started the vpn service as follows. But it gives an authentication
> error. (1) (os:ubuntu1604lts)
>
> (1)
> Mar 10 17:44:32 ubuntu charon: 02[IKE] Z.Z.Z.Z is initiating a
> Aggressive Mode IKE_SA
> Mar 10 17:44:32 ubuntu charon: 02[IKE] Aggressive Mode PSK disabled
> for security reasons
> Mar 10 17:44:32 ubuntu charon: 02[ENC] generating INFORMATIONAL_V1
> request 2604966255 [ N(AUTH_FAILED) ]
> Mar 10 17:44:32 ubuntu charon: 02[NET] sending packet: from
> 148.251.173.26[500] to 37.154.177.11[28762] (56 bytes)
Throw away the whole configuration. It's crap.
Use the one for Responder under Roadwarrior scenario on the UsableExamples
wiki page[1].
You surely don't want to use IKEv1 aggressive mode. It's highly insecure.
Use main mode or switch to IKEv2. Alternatively, use hybrid authentication
or symmetric RSA with XAUTH.
If you really want to use aggressive mode,
set charon.i_dont_care_about_security_and_use_aggressive_mode_psk = yes
in strongswan.conf.
Read the man pages to understand the format of the files.
Also, pluto doesn't exist anymore since version 5.0.0.
[1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170310/f8df2a1a/attachment.sig>
More information about the Users
mailing list