[strongSwan] Host-to-Host Windows to Debian (StrongSwan)

Giuseppe De Marco giuseppe.demarco at unical.it
Fri Oct 27 12:56:37 CEST 2017


I used Debian as server and Windows as clients in an IKEv2 conn.
A working setup can be found here:

https://github.com/peppelinux/UniTools/blob/master/IPSec/ipsec.fw.sh

I never used IKEv1, sorry.

2017-10-27 11:13 GMT+02:00 Ben Lavender <ben.lavender at virtualdcs.co.uk>:

> Anyone think they could assist with this?
>
>
>
> *From:* Ben Lavender
> *Sent:* 24 October 2017 17:23
> *To:* 'users at lists.strongswan.org' <users at lists.strongswan.org>
> *Subject:* Host-to-Host Windows to Debian (StrongSwan)
>
>
>
> Hello,
>
>
>
> Please could anyone assist with this problem?
>
>
>
> We have set up a connection between two servers (right Windows | left
> Debian-StrongSwan) in a host-to-host configuration, where the Windows server
> will be establishing the connection using transport mode (IKEv1). The
> authentication is set to use X.509 certificates.
>
>
>
> The problem we are having seems to be within the two log lines below:
>
>
>
> Oct 24 16:21:45 LAB-DEBCLIENT-01 charon: 07[ENC] parsed INFORMATIONAL_V1 request 62237808 [ HASH N(AUTH_FAILED) ]
> Oct 24 16:21:45 LAB-DEBCLIENT-01 charon: 07[IKE] received AUTHENTICATION_FAILED error notify
>
>
>
> Is there any advice given for attempting to resolve this issue? I can
> provide full logs if need be. Thanks.
>
>
>
> /etc/ipsec.conf
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>         charondebug="ike 4, knl 4, cfg 4"
>
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         mobike=no
>         keyexchange=ike
>
> conn host-host
>         left=192.168.2.9
>         leftcert=deb.crt.pem
>         leftid="CN=LAB-DEBCLIENT-01.lab.vdcs.local"
>         leftfirewall=yes
>         right=192.168.2.5
>         rightid="CN=LAB-FPSVR-01.lab.vdcs.local"
>         type=transport
>         auto=add
>
> ca strongswan
>         cacert=rootca.pem
>         crluri=http://LAB-DC-01.lab.vdcs.local/tempcrl/lab-LAB-DC-01-CA-1.crl
>         auto=add
>
>
>
>
>
> /etc/ipsec.secrets
>
> # This file holds shared secrets or RSA private keys for authentication.
>
> # RSA private key for this host, authenticating it to any other host
> # which knows the public part.
>
> : RSA deb.key.pem
>
>
>
> Regards
>
>
>
> Ben