[strongSwan] Strongswan on Ubuntu - Failure to connect from Windows 10 client -error: deleting half open IKE_SA with 154.**.***.** after timeout

MOSES KARIUKI kariukims at gmail.com
Tue Feb 19 12:42:49 CET 2019

Hello IL Ka,

I followed this instructions here :

And installed the Cert using this steps to install the Certs in Windows :

   - cat /etc/ipsec.d/cacerts/ca-cert.pem

You'll see output similar to this:


. . .


Copy this output to your computer, including the -----BEGIN CERTIFICATE-----
 and -----END CERTIFICATE----- lines, and save it to a file with a
recognizable name, such as ca-cert.pem. Ensure the file you create has the
.pem extension.

Alternatively, use SFTP to transfer the file to your computer

Once you have the ca-cert.pem file downloaded to your computer, you can set
up the connection to the VPN.
Connecting from Windows

First, import the root certificate by following these steps:

   1. Press WINDOWS+R to bring up the Run dialog, and enter mmc.exe to
   launch the Windows Management Console.
   2. From the File menu, navigate to Add or Remove Snap-in, select
   Certificates from the list of available snap-ins, and click Add.
   3. We want the VPN to work with any user, so select Computer Account and
   click Next.
   4. We're configuring things on the local computer, so select Local
   Computer, then click Finish.

   Under the Console Root node, expand the Certificates (Local Computer) entry,
   expand Trusted Root Certification Authorities, and then select the
   Certificates entry:
   [image: Certificates view]

   From the Action menu, select All Tasks and click Import to display the
   Certificate Import Wizard. Click Next to move past the introduction.

   On the File to Import screen, press the Browse button and select the
   certificate file that you've saved. Then click Next.

   Ensure that the Certificate Store is set to Trusted Root Certification
   Authorities, and click Next.

   Click Finish to import the certificate.

Then configure the VPN with these steps:

   1. Launch Control Panel, then navigate to the Network and Sharing Center.
   2. Click on Set up a new connection or network, then select Connect to a
   3. Select Use my Internet connection (VPN).
   4. Enter the VPN server details. Enter the server's domain name or IP
   address in the Internet addressfield, then fill in Destination name with
   something that describes your VPN connection. Then click Done.


On Tue, Feb 19, 2019 at 12:29 PM IL Ka <kazakevichilya at gmail.com> wrote:

> > EAP-Identity request configured, but not supported
> try
> "apt install libcharon-extra-plugins"
> Did you install cert to your windows machine, btw? What error do you see
> on Windows side?
> On Tue, Feb 19, 2019 at 2:43 AM MOSES KARIUKI <kariukims at gmail.com> wrote:
>> Dear Team,
>> I have been having long days trying to configure Strongswan on Ubuntu
>> 18.04. I am not able to connect to the VPN from Windows 10 client, after
>> following the instructions on this link :
>> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2
>> and setting up windows for modp_2048 following these instructions here :
>> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Без
> вирусов. www.avg.com
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
> <#m_-1195591788851411328_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190219/fc1ccd74/attachment-0001.html>

More information about the Users mailing list