[strongSwan] ikev2 win7pro win7ultimate - domain member/not domain member

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jan 30 13:45:04 CET 2018


The logs you provided are not related to your problem. Please provide all information that is listed on the HelpRequests[1] page and elaborate on the network topology.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

On 29.01.2018 22:18, Marc Roos wrote:
> Workstations on an SMB domain 192.168.x.x network can dial in on the
> remote strongSwan server and are getting IPs.
> There are also a few test VMs on the libvirt 192.168.122 range. One can
> dial in, but the other cannot dial in. This is the one that is not
> a member of the domain.
>
> Could it be that domain-specific settings, like e.g. lower security
> protocols, have been enabled, allowing the IPsec connection to succeed on
> domain members?
>
> On the good session after candidate "win7" and cert match(?) I get logs 
> like these:
> Jan 29 20:40:14 test2 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
> Jan 29 20:40:14 test2 charon: 13[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
> Jan 29 20:40:14 test2 charon: 13[IKE] received EAP identity 'user1'
> Jan 29 20:40:14 test2 charon: 13[IKE] initiating EAP_MSCHAPV2 method (id 0x8C)
> Jan 29 20:40:14 test2 charon: 13[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
>
> While on the session that breaks down I get these, but never the
> eap_mschapv2:
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 6a:47:a2:67:c9:2e:2f:19:68:8b:9b:86:61:66:95:ed:c1:2c:13:00
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 8d:a7:1b:f9:3c:da:45:76:89:e9:fe:d0:ee:04:97:58:cb:1e:c3:5b
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 88:a9:5a:ef:c0:84:fc:13:74:41:6b:b1:63:32:c2:cf:92:59:bb:3b
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid b4:64:ba:c4:50:86:1b:f8:2d:51:ac:24:2c:cd:d8:3b:24:6f:36:fa
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid da:ed:64:74:14:9c:14:3c:ab:dd:99:a9:bd:5b:28:4d:8b:3c:c9:d8
> Jan 29 20:42:48 test2 charon: 13[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15