[strongSwan] problem with setup for android connecting in
robsonl at conscious.co.uk
Fri Sep 24 17:43:14 CEST 2021
trying to re create our strongswan setup on a new server, we had a
working proof of concept but the old server was scrapped.
We had some files copied for the config that unfortunately arent working
for some reason now.
also, with charon debug we are not receiving logs for some reason,
nothing in journalctl to help either?
server with an external facing IP hosting strongswan (no firewall
currently for testing setup)
clients connecting in via mobile strongswan with certificate and EAP so
that they can be on the network, the plan is to have it so that any
phone traffic routes through here and any other traffic doesnt.
we have done the local server as the ca for testing, and copied the ca
cert to the phone, however it wont connect, as theres no logs server
side this doesnt help (but a tcpdump when trying to connect shows:
isakmp: isakmp: parent_sa ikev2_init[I]
admin prohibited filter, length 556
phone logs show: unable to terminate ike_sa, peer not responding
here is the config file that i named "android working" from the old
server that isnt working now. (there are duplicate entries of right send
cert, should this be never?, aso for the right auth, what should i be
expecting my .secrets file to look like?)
charondebug="ike 1, knl 1, cfg 0"
any help much appreciated
More information about the Users