[strongSwan] Strongswan Host-to-Host Connection Linux to Windows

Tyler Phillippe tylerphillippe at gmail.com
Fri May 20 15:50:48 CEST 2022


Here are the Linux logs - connecting to a Win10 21H2 machine right now for
testing, will migrate over to Server 2019/2022 eventually. Thanks!

09[NET] received packet: from Windows[500] to Linux[500] (256 bytes)
09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
09[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
09[ENC] generating INFORMATIONAL_V1 request 2032397121 [ N(NO_PROP) ]
09[NET] sending packet: from Linux[500] to Windows[500] (40 bytes)
05[NET] received packet: from Windows[500] to Linux[500] (256 bytes)
05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
05[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
05[ENC] generating INFORMATIONAL_V1 request 1617066194 [ N(NO_PROP) ]
05[NET] sending packet: from Linux[500] to Windows[500] (40 bytes)
11[NET] received packet: from Windows[500] to Linux[500] (256 bytes)
11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
11[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
11[ENC] generating INFORMATIONAL_V1 request 728440835 [ N(NO_PROP) ]
11[NET] sending packet: from Linux[500] to Windows[500] (40 bytes)

On Fri, May 20, 2022 at 9:43 AM IL Ka <kazakevichilya at gmail.com> wrote:

> What about Linux logs?
> Run ``swanctl --log`` on Linux and reinitiate connection.
> Which version of Windows btw?
>
> On Fri, May 20, 2022 at 4:16 PM Tyler Phillippe <tylerphillippe at gmail.com>
> wrote:
>
>> Hello all! I am attempting to connect a Linux machine to Windows via
>> Strongswan in a host-to-host configuration. I tested with Windows to
>> Windows using the built-in firewall and it connected instantly. I changed
>> the default Windows integrity and encryption ciphers and I think I changed
>> them in the Linux Strongswan configuration. However, I am not getting any
>> connection between the hosts and I can't find any logs on the Windows
>> machine to help me narrow down what the issue is. It definitely does not
>> work, since the SSH session on the Linux machine fails out. Below is the
>> swanctl.conf file on my Linux machine. And, I know it's not the most secure
>> method - I'm just trying to get it to initially connect with a PSK since
>> that's the simplest for now. Windows doesn't support modp3072
>> unfortunately, so I had to manually set the Linux config below to modp2048.
>> The Windows firewall is set to use AES-CBC 128, SHA-256, MODP2048 for key
>> exchange and ESP AES-CBC 128, SHA-256 for data protection. What am I doing
>> wrong? Thanks everyone!!
>>
>> connections {
>>     linuxHost {
>>         local_addrs =  (Linux machine)
>>         remote_addrs =  (Windows machine)
>>         proposals = aes128-sha256-modp2048
>>         local {
>>             auth = psk
>>         }
>>         remote {
>>             auth = psk
>>         }
>>         children {
>>             linuxHost {
>>                 esp_proposals = aes128-sha256-modp2048
>>                 mode = transport
>>             }
>>         }
>>         version = 2
>>         reauth_time = 10800
>>     }
>> }
>>
>> secrets {
>>     ike {
>>         secret = <psk>
>>     }
>> }
>>
>
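Added example (not part of the original thread and not strongSwan code): in the log above, `ID_PROT` and `INFORMATIONAL_V1` are IKEv1 exchange names, while the quoted swanctl.conf sets `version = 2`. The Python below, whose function names are hypothetical, pairs each "no IKE config found" line with the IKE version of the request that triggered it and compares that with the configured `version`.

```python
import re

# Exchange-type names as charon prints them in "[ENC] parsed ..." lines.
IKEV1 = {"ID_PROT", "AGGRESSIVE", "QUICK_MODE", "INFORMATIONAL_V1", "TRANSACTION"}
IKEV2 = {"IKE_SA_INIT", "IKE_AUTH", "CREATE_CHILD_SA", "INFORMATIONAL"}
PARSED = re.compile(r"^(\d+)\[ENC\] parsed (\S+) (?:request|response) ")
NO_CONFIG = re.compile(r"^(\d+)\[IKE\] no IKE config found for ")

# Log lines copied from the post above; the config is a constructed excerpt
# that keeps only the key being checked.
SAMPLE_LOG = """\
09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
09[IKE] no IKE config found for Linux...Windows, sending NO_PROPOSAL_CHOSEN
09[ENC] generating INFORMATIONAL_V1 request 2032397121 [ N(NO_PROP) ]
"""
SAMPLE_CONF = "connections {\n    linuxHost {\n        version = 2\n    }\n}\n"

def rejected_ike_versions(log_text):
    """IKE versions of requests that were answered with 'no IKE config found'."""
    last_seen = {}  # worker thread id -> IKE version of its last parsed message
    rejected = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = PARSED.match(line)
        if m:
            thread, exchange = m.groups()
            if exchange in IKEV1:
                last_seen[thread] = 1
            elif exchange in IKEV2:
                last_seen[thread] = 2
            continue
        m = NO_CONFIG.match(line)
        if m and m.group(1) in last_seen:
            rejected.add(last_seen[m.group(1)])
    return rejected

def config_version(conf_text):
    """First 'version = N' in swanctl.conf text; strongSwan's default is 0."""
    m = re.search(r"^\s*version\s*=\s*(\d+)", conf_text, re.MULTILINE)
    return int(m.group(1)) if m else 0

def version_mismatch(log_text, conf_text):
    """IKE versions the peer tried that the configured `version` does not accept."""
    configured = config_version(conf_text)
    if configured == 0:  # 0 accepts both IKEv1 and IKEv2 as responder
        return set()
    return {v for v in rejected_ike_versions(log_text) if v != configured}

if __name__ == "__main__":
    print("peer IKE versions not accepted:", version_mismatch(SAMPLE_LOG, SAMPLE_CONF))
```

An empty result means the rejected requests used an IKE version the connection accepts, so the remaining candidates for "no IKE config found" are the `local_addrs` and `remote_addrs` values.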