[strongSwan] Problem connecting to L2TP/IPSec VPN
Jonas Koperdraat
jonas at jonaskoperdraat.nl
Sat Oct 20 07:00:19 CEST 2018
Thanks for the reply.
I'll get in touch with support and see if I can find out the specifics of
phase 2.
Kind regards,
Jonas
On Thu, Oct 18, 2018, 18:40 Noel Kuntze
<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> Hi,
>
> It looks like something is off with your phase two configuration. It can
> be anything in your phase two configuration that it doesn't like. You're
> better off just asking the administrator of the other side what they expect.
>
> Kind regards
>
> Noel
>
> Am 16.10.18 um 22:16 schrieb Jonas Koperdraat:
> > Hello there,
> >
> > I'm having trouble connecting to my company's VPN from my Linux laptop.
> I have spent quite some time trying to figure out what might be causing
> this problem, but frankly my knowledge on the subject is limited, so I'm
> hoping someone here might be able to help me in the right direction. Any
> help would be greatly appreciated!
> >
> > My campany uses an L2TP VPN with en IPSec tunnel. Using the same
> credentials as I'm using on my laptop, I am able to connect to the network
> from my mobile phone funning Android Oreo, without any problems, but from
> my laptop I am unable to connect.
> >
> > I am running Ubuntu 18.04.1 LTS.
> >
> > jonas at Jonas-XPS13:~$ uname -a
> > Linux Jonas-XPS13 4.15.0-1018-oem #21-Ubuntu SMP Tue Aug 28 14:12:47 UTC
> 2018 x86_64 x86_64 x86_64 GNU/Linux
> >
> > Following these instructions, I added the L2TP network manager to Gnome:
> >
> https://medium.com/@hkdb/ubuntu-16-04-connecting-to-l2tp-over-ipsec-via-network-manager-204b5d475721
> >
> > However, I wasn't able to connect. This stackoverflow question/answer
> (among others) mentioned that I might have to specify phase 1 and phase 2
> algorithms:
> >
> https://askubuntu.com/questions/904217/unable-to-connect-l2tp-ipsec-vpn-from-ubuntu-16-04
> >
> > I ran an ike-scan, from which I concluded that the VPN indeed uses old
> algorithms, so I added 3des-sha1-modp1024! and 3des-sha1! as phase 1 and
> phase 2 algorithms. For good measure I added the exclamation marks, as some
> solutions mentioned that might be required.
> >
> > jonas at Jonas-XPS13:~$ sudo ike-scan -v office.********.nl
> > DEBUG: pkt len=336 bytes, bandwidth=56000 bps, int=52000 us
> > Starting ike-scan 1.9.4 with 1 hosts (
> http://www.nta-monitor.com/tools/ike-scan/)
> > 87.213.34.174Main Mode Handshake returned HDR=(CKY-R=254e5ebbbb17c30a)
> SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds
> LifeDuration=28800) VID=5b362bc820f60007 (SonicWall-7)
> >
> > Ending ike-scan 1.9.4: 1 hosts scanned in 0.060 seconds (16.70
> hosts/sec). 1 returned handshake; 0 returned notify
> >
> > Unfortunately, even though that seemed to be the solution for the
> majority of the problems I encountered online, I am still unable to
> connect. Below are links to pastebins with relevant information:
> >
> > Logging of a connection attempt: https://pastebin.com/cEwMQjjC
> > /etc/strongswan.conf: https://pastebin.com/LppKLiqw
> > /etc/strongswan.d/charon.conf https://pastebin.com/9ecW0LXJ
> >
> > Kind regards and thanks in advance,
> >
> > Jonas
> >
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181020/b6b9c9ca/attachment.html>
More information about the Users
mailing list