[strongSwan] Config doesnt work on Windows 10 and Android

bls s bls3427 at outlook.com
Sat Oct 6 00:19:53 CEST 2018 

My directions for importing certificates into Windows 10 can be found at https://github.com/gitbls/pistrong/blob/master/CertInstall.md I've never tested them with Windows 10 Home, so I'd be interested in knowing if they work there.

As an aside, I started using strongSwan following the directions on the zeitgest site you mentioned, and found them to be usable but not easily repeatable, so I built pistrong that codifies my learnings in a script that makes it all easily repeatable. You can find it at https://github.com/gitbls/pistrong 

Good luck, and do let me know if my directions work with Windows 10 Home.

From: Users <users-bounces at lists.strongswan.org> on behalf of Sebastian Pfohl <bthordy at outlook.com>
Sent: Friday, October 5, 2018 12:59 PM
To: users at lists.strongswan.org
Subject: [strongSwan] Config doesnt work on Windows 10 and Android
 
I would like to connect to the VPN server with the native Windows 10 Client, but i cant connect. I have followed a tutorial at https://www.zeitgeist.se/2013/11/22/strongswan-howto-create-your-own-vpn/ but the connection isnt succesfully. I struggle to import the certificates, because the option to import a machine certificate is greyed out in Windows 10 Home. However, i can select manually a user certificate. I dont know if that is ok. I couldnt find any information about Windows 10 Home Edition. Is there any better instruction available, how to make a connection from Windows 10 home to a Strongswan VPN? Here is my current config:

config setup
        charondebug="ike 2, knl 1, cfg 2, dmn 2, net 2"
       
conn %default
        keyexchange=ikev2
        ike=aes256-sha1-modp1024,aes256-sha384-ecp384!
        esp=aes256-sha1,aes256-sha384-ecp384!
        dpdaction=clear
        dpddelay=300s
        rekey=no
       
        left=%any
        leftsubnet=0.0.0.0/0
        leftcert=vpnHostCert.pem
        right=%any
        rightdns=8.8.8.8,8.8.4.4
        rightsourceip=%dhcp

conn IPSec-IKEv2
        keyexchange=ikev2
        auto=add

conn IPSec-IKEv2-EAP
        also="IPSec-IKEv2"
        rightauth=eap-mschapv2
        rightsendcert=never
        eap_identity=%any

Additionally, i use a Samsung Galaxy 7. There i can create a VPN connection with "IPSec IKEv2 RSA" with the build-in Client. I cant connect from here to. The connection is refused. I tought the above configuration should work the VPN type in Samsung Galaxy. Can someone please help to make a proper config please?

More information about the Users mailing list