[strongSwan] Strongswan Host-to-Host Connection Linux to Windows

IL Ka kazakevichilya at gmail.com
Fri May 20 15:34:45 CEST 2022


What about Linux logs?
Run ``swanctl --log`` on Linux and reinitiate connection.
Which version of Windows btw?

On Fri, May 20, 2022 at 4:16 PM Tyler Phillippe <tylerphillippe at gmail.com>
wrote:

> Hello all! I am attempting to connect a Linux machine to Windows via
> Strongswan in a host-to-host configuration. I tested with Windows to
> Windows using the built-in firewall and it connected instantly. I changed
> the default Windows integrity and encryption ciphers and I think I changed
> them in the Linux Strongswan configuration. However, I am not getting any
> connection between the hosts and I can't find any logs on the Windows
> machine to help me narrow down what the issue is. It definitely does not
> work, since the SSH session on the Linux machine fails out. Below is the
> swanctl.conf file on my Linux machine. And, I know it's not the most secure
> method - I'm just trying to get it to initially connect with a PSK since
> that's the simplest for now. Windows doesn't support modp3072
> unfortunately, so I had to manually set the Linux config below to modp2048.
> The Windows firewall is set to use AES-CBC 128, SHA-256, MODP2048 for key
> exchange and ESP AES-CBC 128, SHA-256 for data protection. What am I doing
> wrong? Thanks everyone!!
>
> connections {
>     linuxHost {
>         local_addrs =  (Linux machine)
>         remote_addrs =  (Windows machine)
>         proposals = aes128-sha256-modp2048
>         local {
>             auth = psk
>         }
>         remote {
>             auth = psk
>         }
>         children {
>             linuxHost {
>                 esp_proposals = aes128-sha256-modp2048
>                 mode = transport
>             }
>         }
>         version = 2
>         reauth_time = 10800
>     }
> }
>
> secrets {
>     ike {
>         secret = <psk>
>     }
> }
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220520/bc7a7586/attachment.html>


More information about the Users mailing list