[strongSwan] Strongswan on Ubuntu - Failure to connect from Windows 10 client -error: deleting half open IKE_SA with 154.**.***.** after timeout
MOSES KARIUKI
kariukims at gmail.com
Tue Feb 19 12:42:49 CET 2019
Hello IL Ka,
I followed this instructions here :
https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
And installed the Cert using this steps to install the Certs in Windows :
- cat /etc/ipsec.d/cacerts/ca-cert.pem
You'll see output similar to this:
Output
-----BEGIN CERTIFICATE-----
MIIFQjCCAyqgAwIBAgIIFkQGvkH4ej0wDQYJKoZIhvcNAQEMBQAwPzELMAkGA1UE
. . .
EwbVLOXcNduWK2TPbk/+82GRMtjftran6hKbpKGghBVDPVFGFT6Z0OfubpkQ9RsQ
BayqOb/Q
-----END CERTIFICATE-----
Copy this output to your computer, including the -----BEGIN CERTIFICATE-----
and -----END CERTIFICATE----- lines, and save it to a file with a
recognizable name, such as ca-cert.pem. Ensure the file you create has the
.pem extension.
Alternatively, use SFTP to transfer the file to your computer
<https://www.digitalocean.com/community/tutorials/how-to-use-sftp-to-securely-transfer-files-with-a-remote-server>
.
Once you have the ca-cert.pem file downloaded to your computer, you can set
up the connection to the VPN.
Connecting from Windows
First, import the root certificate by following these steps:
1. Press WINDOWS+R to bring up the Run dialog, and enter mmc.exe to
launch the Windows Management Console.
2. From the File menu, navigate to Add or Remove Snap-in, select
Certificates from the list of available snap-ins, and click Add.
3. We want the VPN to work with any user, so select Computer Account and
click Next.
4. We're configuring things on the local computer, so select Local
Computer, then click Finish.
5.
Under the Console Root node, expand the Certificates (Local Computer) entry,
expand Trusted Root Certification Authorities, and then select the
Certificates entry:
[image: Certificates view]
6.
From the Action menu, select All Tasks and click Import to display the
Certificate Import Wizard. Click Next to move past the introduction.
7.
On the File to Import screen, press the Browse button and select the
certificate file that you've saved. Then click Next.
8.
Ensure that the Certificate Store is set to Trusted Root Certification
Authorities, and click Next.
9.
Click Finish to import the certificate.
Then configure the VPN with these steps:
1. Launch Control Panel, then navigate to the Network and Sharing Center.
2. Click on Set up a new connection or network, then select Connect to a
workplace.
3. Select Use my Internet connection (VPN).
4. Enter the VPN server details. Enter the server's domain name or IP
address in the Internet addressfield, then fill in Destination name with
something that describes your VPN connection. Then click Done.
Thanks
On Tue, Feb 19, 2019 at 12:29 PM IL Ka <kazakevichilya at gmail.com> wrote:
> > EAP-Identity request configured, but not supported
> try
> "apt install libcharon-extra-plugins"
>
> Did you install cert to your windows machine, btw? What error do you see
> on Windows side?
>
>
> On Tue, Feb 19, 2019 at 2:43 AM MOSES KARIUKI <kariukims at gmail.com> wrote:
>
>> Dear Team,
>>
>> I have been having long days trying to configure Strongswan on Ubuntu
>> 18.04. I am not able to connect to the VPN from Windows 10 client, after
>> following the instructions on this link :
>>
>> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2
>> and setting up windows for modp_2048 following these instructions here :
>>
>> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
>>
>>
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Без
> вирусов. www.avg.com
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> <#m_-1195591788851411328_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190219/fc1ccd74/attachment-0001.html>
More information about the Users
mailing list